rest-framework-auth0

Release 0.6.4

This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.

Homepage PyPI Python

Keywords
auth0, rest framework, django
License
MIT
Install
pip install rest-framework-auth0==0.6.4

Documentation

djangorestframework-auth0

This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.

Logo

Installation

  1. Using pip to install current release:
pip install rest_framework_auth0
  1. Using pip to install development version:
pip install git+https://github.com/mcueto/djangorestframework-auth0/

Quick start

  1. Make sure django.contrib.auth in on INSTALLED_APPS setting, otherwise add it by your own:
INSTALLED_APPS = [
    ...
    'django.contrib.auth',
    ...
]

This will allow us to login as an specific user as well as auto-creating users when they don't exist

  1. Add rest_framework_auth0 to your INSTALLED_APPS setting:
INSTALLED_APPS = [
    ...,
    'rest_framework_auth0',
]
  1. Add Auth0JSONWebTokenAuthentication in your DEFAULT_AUTHENTICATION_CLASSES located at settings.py from your project:
REST_FRAMEWORK = {
    ...,
    'DEFAULT_AUTHENTICATION_CLASSES': (
        ...,
        'rest_framework_auth0.authentication.Auth0JSONWebTokenAuthentication',
    ),
}
  1. Add your CLIENTS & MANAGEMENT_API settings in your settings.py file:
# Import cryptography libraries
from cryptography.x509 import load_pem_x509_certificate
from cryptography.hazmat.backends import default_backend
# Read the your Auth0 client PEM certificate
certificate_text = open('rsa_certificates/certificate.pem', 'rb').read()
certificate = load_pem_x509_certificate(certificate_text, default_backend())
# Get your PEM certificate public_key
certificate_publickey = certificate.public_key()
#
#
# AUTH0 SETTINGS
AUTH0 = {
  'CLIENTS': {
      'default': {
          'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>',
          'AUTH0_AUDIENCE': '<YOUR_AUTH0_CLIENT_AUDIENCE>',
          'AUTH0_ALGORITHM': 'RS256',  # default used in Auth0 apps
          'PUBLIC_KEY': certificate_publickey',
      }
  },
  # Management API - For roles and permissions validation
  'MANAGEMENT_API': {
      'AUTH0_DOMAIN': '<YOUR_AUTH0_DOMAIN>',
      'AUTH0_CLIENT_ID': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_ID>',
      'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_SECRET>'
  },
}
  1. Add the Authorization Header to all of your REST API request, prefixing Bearer to your token(default in common REST clients & Postman):
Authorization: Bearer <AUTH0_GIVEN_TOKEN>
  1. That's it, now only your Auth0 users can request data to your DRF endpoints
NOTE: In order to get the token authentication, the 'django.contrib.auth' app models migrations must be applied(python manage.py migrate).

Use cases

Sample Project

A sample project can be found here

Stats

Dependencies
4
Dependent packages
0
Dependent repositories
0
Total releases
21
Latest release
First release
Stars
91
Forks
18
Watchers
5
Contributors
7
Repository size
188 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.3
0.5.2
0.5.1
0.5.0
0.4.6
See all 21 releases

Contributors

Marcelo Cueto Calion54 Sebastian Aranguiz Devon Bleibtrey Windham Wong Martin Malek Chris Guo


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-21 05:35:08 UTC

Login to resync this project