I recently was working on a take home assessment for a junior role in API development, which required to implement Authentication using OpenID Connect (OIDC). There are lots of tutorials that try to explain authentication protocols and how they differentiate from each other. Well, this is not one of those, as Nate Barbettini did a good job already.
In this article, I share how to implement a simple OIDC authentication in Django using mozilla-django-oidc. mozilla-django-oidc docs is really good and easy to follow for a simple setup. Before we continue you'll need to set up your identity provider (IdP). An IdP is where users authenticate from to access your application such as Google. Download the metadata.json file which will contain the required values for our settings file that we will transfer to the .env file.
- Project Setup (Make sure to have virtual environment activated).
pip install Django, mozilla-django-oidc
django-admin startproject oidc .
- Open the settings file and add the following
# Add 'mozilla_django_oidc' to INSTALLED_APPS
INSTALLED_APPS = (
# ...
'django.contrib.auth',
'mozilla_django_oidc', # Load after auth
# ...
)
# Add 'mozilla_django_oidc' authentication backend
AUTHENTICATION_BACKENDS = (
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
# ...
)
OIDC_RP_IDP_SIGN_KEY = "RS256"
OIDC_OP_JWKS_ENDPOINT = os.environ['OIDC_OP_JWKS_ENDPOINT']
OIDC_RP_CLIENT_ID = os.environ['OIDC_RP_CLIENT_ID']
OIDC_RP_CLIENT_SECRET = os.environ['OIDC_RP_CLIENT_SECRET']
OIDC_OP_AUTHORIZATION_ENDPOINT = "<URL of the OIDC OP authorization endpoint>"
OIDC_OP_TOKEN_ENDPOINT = "<URL of the OIDC OP token endpoint>"
OIDC_OP_USER_ENDPOINT = "<URL of the OIDC OP userinfo endpoint>"
LOGIN_REDIRECT_URL = "<URL path to redirect to after login>"
LOGOUT_REDIRECT_URL = "<URL path to redirect to after logout>"
If you read the mozilla-django-oidc docs (#RTFM), you probably saw the callback url path:
/oidc/callback. Add these to your IdP settings for now, but can later update the same for production environment.Update the urls.py file to include the oidc urls from mozilla. This is necessary for the callback, logout, and authentication paths.
# File urls.py
from django.urls import path
urlpatterns = [
# ...
path('oidc/', include('mozilla_django_oidc.urls')),
# ...
]
- With these simple setup, your project is ready with OIDC. Start the server and navigate to the
localhost:8000/oidc/authenticate/This will redirect you to a Google login screen (check the url, you notice its no longer localhost). Successful login will redirect back to localhost. mozilla-django-oidc will create a new User object using a hash of your email as the username. This behavior can be configured as explained in its docs. - To logout, visit the endpoint
oidc/logout/which will terminate the user session.
mozilla-django-oidc makes it easy to implement and understand how openID works in a simple way. To understand how to implement this for a REST API and a React Frontend, and how the whole flow works, try and clone the minicommerce project and run the project.
Hope this helps to start out using openID
Top comments (0)