- Mar 30, 2021
-
-
Antoine Lambert authoredAdd a generic Django REST Framework authentication backend enabling to authenticate a user using Keycloak and OpenID Connect bearer tokens. The backend can be easily plugged into a DRF application by: * adding "swh.auth.django.backends.OIDCBearerTokenAuthentication" to the REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] django setting. * configuring Keycloak URL, realm and client by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings Users will then be able to perform authenticated Web API calls by sending their refresh token in HTTP Authorization headers. Related to T3150 -
Antoine Lambert authored
Add a generic Django authentication backend and related login / logout views enabling to authenticate a user using Keycloak and the OpenID Connect authorization code flow with PKCE ("Proof Key for Code Exchange"). The backend can be easily plugged into any django application by: - adding "swh.auth.django.backends.OIDCAuthorizationCodePKCEBackend" to the AUTHENTICATION_BACKENDS django setting - configuring Keycloak by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings - adding swh.auth.django.views.urlpatterns to the django application URLs - using the dedicated django views: "oidc-login" and "oidc-logout" Related to T3150
-
- Mar 09, 2021
-
-
Antoine R. Dumont authoredThat class is a custom User proxy model for remote users storing OpenID Connect related data (profile containing authentication tokens, ...). The model is also not saved to database as all users are already stored in the Keycloak one. That class will be used for example by both the webapp and the deposit. Related to T3079
-