simple_openid_connect.integrations.djangorestframework.authentication#

DRF Authentication classes

See the DRF documentation on Setting the authentication scheme about how to use the classes contained here.

Classes

AccessTokenAuthentication([allow_anonymous])

An authentication scheme that interprets Authorization: Bearer ... http headers as access tokens and validates by using the Openid providers token introspection capabilities.

AccessTokenNoAnonAuthentication([...])

An authentication scheme that overwrites the default behavior of AccessTokenAuthentication so that tokens are only considered valid if a user can be uniquely identified.

AuthenticatedViaToken(token, token_introspection)

A marker that is attached as request.auth on successful authentication and which holds well formatted information about that authentication.

class simple_openid_connect.integrations.djangorestframework.authentication.AccessTokenAuthentication(allow_anonymous: bool | None = True)#

An authentication scheme that interprets Authorization: Bearer ... http headers as access tokens and validates by using the Openid providers token introspection capabilities.

By default, this may confirm that a request is authenticated and has appropriate access while not identifying a user. In that case, only an AnonymousUser instance is set on the request. If this is not desired, either set the allow_anonymous constructor parameter to False or use the AccessTokenNoAnonAuthentication authentication class.

__init__(allow_anonymous: bool | None = True)#
Parameters:

allow_anonymous – Whether access is allowed when the token is valid but no user can be identified. This is the case if the Openid providers token introspection endpoint does not return a user id.

authenticate(request: HttpRequest) Tuple[Any, AuthenticatedViaToken] | None#

Authenticate the request and return a two-tuple of (user, token).

authenticate_header(request: HttpRequest) str#

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

class simple_openid_connect.integrations.djangorestframework.authentication.AccessTokenNoAnonAuthentication(allow_anonymous: bool | None = False)#

An authentication scheme that overwrites the default behavior of AccessTokenAuthentication so that tokens are only considered valid if a user can be uniquely identified.

__init__(allow_anonymous: bool | None = False)#
Parameters:

allow_anonymous – Whether access is allowed when the token is valid but no user can be identified. This is the case if the Openid providers token introspection endpoint does not return a user id.

class simple_openid_connect.integrations.djangorestframework.authentication.AuthenticatedViaToken(token: str, token_introspection: TokenIntrospectionSuccessResponse)#

A marker that is attached as request.auth on successful authentication and which holds well formatted information about that authentication.

__init__(token: str, token_introspection: TokenIntrospectionSuccessResponse)#