django: Add OIDC Authorization code PKCE authentication backend (!18) · Merge requests · Platform / Development / swh-auth

Antoine Lambert requested to merge generated-differential-D5365-source into generated-differential-D5365-target Mar 26, 2021

Add a generic Django authentication backend and related login / logout views enabling to authenticate a user using Keycloak and the OpenID Connect authorization code flow with PKCE ("Proof Key for Code Exchange").

The backend can be easily plugged into any django application by:

adding "swh.auth.django.backends.OIDCAuthorizationCodePKCEBackend" to the AUTHENTICATION_BACKENDS django setting
configuring Keycloak by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings
adding swh.auth.django.views.urlpatterns to the django application URLs
using the dedicated django views: "oidc-login" and "oidc-logout"

That diff basically move code and tests from swh-web with slight changes to make the backend generic.

Related to swh-web#3150 (closed)

Migrated from D5365 (view on Phabricator)

Silent mode is enabled

django: Add OIDC Authorization code PKCE authentication backend

Merge request reports