Skip to content
Snippets Groups Projects
  1. May 30, 2022
  2. May 20, 2022
  3. May 02, 2022
  4. Apr 26, 2022
  5. Apr 21, 2022
  6. Apr 14, 2022
    • Antoine Lambert's avatar
      backends: Report only relevant exceptions to sentry · 7fddad7e
      Antoine Lambert authored
      When catching KeycloakError exceptions, other exception types
      will be then raised like ValueError or AuthenticationFailed.
      
      Those will be processed by django applications using these auth
      middlewares so there is no need to duplicate error reports in
      sentry here.
      7fddad7e
  7. Apr 08, 2022
  8. Apr 06, 2022
  9. Apr 05, 2022
  10. Mar 22, 2022
  11. Feb 10, 2022
  12. Feb 07, 2022
  13. Dec 16, 2021
  14. Dec 01, 2021
  15. Aug 23, 2021
    • Antoine Lambert's avatar
      django/backends: Handle error when user session is no longer active · 508b476d
      Antoine Lambert authored
      When a user session has been terminated without using the logout view
      (for instance a user can logout from all its authenticated sessions
      using the Keycloak account UI), the expired OIDC profile is still
      in webapp cache which causes errors and prevent new user logins.
      
      So ensure to remove expired profile from cache when detecting Keycloak
      session is no longer active in django authentication backend.
      
      Related to T3496
      v0.6.1
      508b476d
  16. Jul 01, 2021
  17. Jun 09, 2021
  18. Apr 27, 2021
    • Antoine Lambert's avatar
      tox: Add sphinx environments to check sane doc build · dc9ea01d
      Antoine Lambert authored
      Enable to check package documentation can be built without producing
      sphinx warnings.
      
      The sphinx environment is designed to be used in continuous integration
      in order to prevent breaking documentation build when committing changes.
      
      The sphinx-dev environment is designed to be used inside a full swh
      development environment.
      
      Related to T3258
      v0.5.4
      dc9ea01d
    • Antoine Lambert's avatar
      pytest_plugin: Fix a sphinx warning · a81214a8
      Antoine Lambert authored
      Sphinx complains about an unexpected indentation if a constructor
      docstring is missing.
      a81214a8
  19. Apr 22, 2021
  20. Apr 13, 2021
  21. Apr 09, 2021
  22. Apr 07, 2021
    • Antoine Lambert's avatar
      django/backends: Improve expired token handling · 309118c1
      Antoine Lambert authored
      The first time a user sends an expired token previously used to
      perform authenticated Web API calls, Keycloak will return the
      following error message: "Offline session not active".
      
      So handle that error message too for indicating a token has expired.
      
      Related to T3121
      v0.5.2
      309118c1
    • Antoine Lambert's avatar
      django/backends: Improve error message when a bearer token expired · d06924ed
      Antoine Lambert authored
      This replaces the Keycloak error message by a more comprehensible one
      for end users.
      
      Unfortunately, there is no way to get the bearer token validity period
      apart using Keycloak Admin REST API but we clearly do not want to query
      it in a django authentication backend.
      
      Related to T3121
      v0.5.1
      d06924ed
  23. Apr 06, 2021
  24. Mar 30, 2021
    • Antoine Lambert's avatar
      django: Add OIDCSessionExpiredMiddleware · e5fd97a7
      Antoine Lambert authored
      That middleware detects when a user previously logged in using
      the OpenID Connect authentication backend got his session expired.
      
      In that case it will perform a redirection to a django view whose
      name must be set in the SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW
      django setting (typically a logout view).
      
      Related to T3150
      v0.5.0
      e5fd97a7
    • Antoine Lambert's avatar
      django: Add OIDC Bearer Token authentication backend for DRF views · 0c8c3ce7
      Antoine Lambert authored
      Add a generic Django REST Framework authentication backend enabling to
      authenticate a user using Keycloak and OpenID Connect bearer tokens.
      
      The backend can be easily plugged into a DRF application by:
      
        * adding "swh.auth.django.backends.OIDCBearerTokenAuthentication"
          to the REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"]
          django setting.
      
        * configuring Keycloak URL, realm and client by adding
          SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID
          in django settings
      
      Users will then be able to perform authenticated Web API calls by
      sending their refresh token in HTTP Authorization headers.
      
      Related to T3150
      0c8c3ce7
    • Antoine Lambert's avatar
      django: Add OIDC Authorization code PKCE authentication backend · 367ead11
      Antoine Lambert authored
      Add a generic Django authentication backend and related login / logout
      views enabling to authenticate a user using Keycloak and the OpenID
      Connect authorization code flow with PKCE ("Proof Key for Code Exchange").
      
      The backend can be easily plugged into any django application by:
      
       - adding "swh.auth.django.backends.OIDCAuthorizationCodePKCEBackend"
         to the AUTHENTICATION_BACKENDS django setting
      
       - configuring Keycloak by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME
         and SWH_AUTH_CLIENT_ID in django settings
      
       - adding swh.auth.django.views.urlpatterns to the django application URLs
      
       - using the dedicated django views: "oidc-login" and "oidc-logout"
      
      Related to T3150
      367ead11
  25. Mar 26, 2021
  26. Mar 25, 2021
  27. Mar 24, 2021
    • Antoine Lambert's avatar
      django/models: Add new fields and oidc_profile property to OIDCUser · 13a56100
      Antoine Lambert authored
      Add fields "expires_in" and "refresh_expires_in" to OIDCUser model storing
      the validity times for access and refresh tokens.
      
      Add oidc_profile property to get the OpenID Connect profile associated to
      the user as a dictionary.
      
      Update and simplify tests for OIDCUser model.
      
      Related to T3150
      13a56100
Loading