django-cognito-saml
Library to implement Django authentication using Cognito (via PyJWT).
Assumptions made:
- Using `authorization code` flow. Implicit grant is insecure as the access token is transferred over in the request parameters without encryption.
Settings
Setting | Description |
---|---|
COGNITO_ENDPOINT | Either the hosted domain or custom domain for your cognito app |
COGNITO_CLIENT_ID | CLIENT_ID of your application in your user pool |
COGNITO_CLIENT_SECRET | CLIENT_SECRET of your application in your user pool |
COGNITO_JWKS_URI | The JWKS URI of your user pool. Used to verify the JWT. |
COGNITO_REDIRECT_URI | OPTIONAL It is possible to share one cognito app with multiple websites via a proxy. |
COGNITO_RESPONSE_HOOK | OPTIONAL Post authentication hook to modify the response (perhaps to add headers). Specify it as a django import_string. |
Installation
- Add the above settings to your settings.
```python
COGNITO_ENDPOINT = "..."
COGNITO_CLIENT_ID = "..."
COGNITO_CLIENT_SECRET = "..."
COGNITO_JWKS_URI = "..."
COGNITO_REDIRECT_URI = "..."
COGNITO_RESPONSE_HOOK = ""
```
- Define your authentication backend. Subclass `django_cognito_saml.backends.CognitoUserBackend`. A custom backend is where you add users to groups and/or do something custom. Set `create_unknown_user = False` if you want only pre-created users to be able to log in.
```python
from typing import Any, Optional

from django.contrib.auth.base_user import AbstractBaseUser
from django.http import HttpRequest

from django_cognito_saml.backends import CognitoUserBackend


class CustomCognitoBackend(CognitoUserBackend):
    # Change this to False if you do not want to create a remote user.
    create_unknown_user = True

    def authenticate(  # type: ignore[override]
        self, request: HttpRequest, cognito_jwt: dict[str, Any], **kwargs: Any
    ) -> Optional[AbstractBaseUser]:
        remote_user = cognito_jwt["email"]
        user = super().authenticate(request, remote_user=remote_user, **kwargs)
        # Let's add the user to the groups named in the token.
        # add_user_to_groups is a helper you define in your own project.
        if user is not None:
            groups = cognito_jwt["custom:groups"]
            add_user_to_groups(user, groups)
        return user

    def configure_user(  # type: ignore[override]
        self, request: HttpRequest, user: AbstractBaseUser
    ) -> AbstractBaseUser:
        """
        Configure a user after creation and return the updated user.
        By default, return the user unmodified.
        """
        return user
```
- Add `CustomCognitoBackend` to your authentication backends. Alternatively; If you wish to modify the authentication logic (ie: Adding permissions)<>
```python
AUTHENTICATION_BACKENDS = (
    # ... your other backends ...
    "apps.backends.CustomCognitoBackend",
    # ...
)
```
- Add the Cognito SAML URLs to your `urls.py`.
```python
from django.urls import include, path

urlpatterns = [
    # ... your other URL patterns ...
    path("", include("django_cognito_saml.urls")),
]
```
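An added example, not part of django-cognito-saml: one way the group-assignment step in the custom backend above can treat the `custom:groups` claim as untrusted input, mapping it through an allow-list and computing which Django groups to add and remove on each login. `GROUP_MAP`, `parse_groups_claim` and `plan_group_sync` are hypothetical names, and the accepted claim formats are an assumption.

```python
from typing import Any, Iterable

# Hypothetical allow-list: IdP group name -> Django group name.
# Anything the IdP sends that is not listed here is ignored.
GROUP_MAP = {
    "idp-editors": "editors",
    "idp-support": "support",
}


def parse_groups_claim(cognito_jwt: dict[str, Any]) -> set[str]:
    """Return the IdP group names carried in the custom:groups claim.

    Assumption: the claim may be absent, a list, or a single string such as
    "[a, b]" or "a,b" (Cognito custom attributes are stored as strings).
    """
    raw = cognito_jwt.get("custom:groups")
    if raw is None:
        return set()
    if isinstance(raw, str):
        raw = raw.strip().strip("[]").split(",")
    if not isinstance(raw, (list, tuple, set)):
        return set()
    return {str(g).strip() for g in raw if str(g).strip()}


def plan_group_sync(
    cognito_jwt: dict[str, Any], current: Iterable[str]
) -> tuple[set[str], set[str]]:
    """Compute (to_add, to_remove) Django group names for one login.

    Only groups managed through GROUP_MAP are touched, so locally assigned
    groups survive and an unexpected IdP value cannot grant anything.
    """
    managed = set(GROUP_MAP.values())
    wanted = {GROUP_MAP[g] for g in parse_groups_claim(cognito_jwt) if g in GROUP_MAP}
    current = set(current)
    return wanted - current, (current & managed) - wanted


# Constructed sample claims, not taken from a real token.
SAMPLE_JWT = {"email": "a@example.com", "custom:groups": "[idp-editors, superusers]"}
```

Inside `authenticate`, the two returned sets would be applied with `user.groups.add(...)` and `user.groups.remove(...)` after looking up the corresponding `Group` rows.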