Staging instance, all changes can be removed at any time

Skip to content

django: Add OIDC Bearer Token authentication backend for DRF views

Antoine Lambert requested to merge generated-differential-D5366-source into generated-differential-D5366-target

Add a generic Django REST Framework authentication backend enabling to authenticate a user using Keycloak and OpenID Connect bearer tokens.

The backend can be easily plugged into a DRF application by:

  • adding "swh.auth.django.backends.OIDCBearerTokenAuthentication" to the REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] django setting.

  • configuring Keycloak URL, realm and client by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings

Users will then be able to perform authenticated Web API calls by sending their refresh token in HTTP Authorization headers.

That diff basically moves code and tests from swh-web with slight changes to make the backend generic.

Related to swh-web#3150 (closed)

Depends on !18 (closed)

Migrated from D5366 (view on Phabricator)

Merge request reports