tmb/django-oauth2proxy-sample
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
Sample project for how to use Django with OAuth2 Proxy https://blog.xn--blz-sna.eu/django-single-sign-on-with-oauth2-proxy.html
7 commits 1 branch 0 tags 48 KiB
  • Python 100%
Find a file
Exact
Tobias Bölz 653f4fa19c Information on CustomRemoteUserMiddleware added to README.md
2024-09-16 18:56:51 +02:00
myproject login_forbidden view added 2024-09-16 18:43:59 +02:00
.flake8 Files added 2024-09-16 17:17:05 +02:00
.gitignore Initial commit 2024-09-16 15:43:48 +02:00
LICENSE Files added 2024-09-16 17:17:05 +02:00
manage.py Files added 2024-09-16 17:17:05 +02:00
poetry.lock Use isort 2024-09-16 18:43:15 +02:00
pyproject.toml Use isort 2024-09-16 18:43:15 +02:00
README.md Information on CustomRemoteUserMiddleware added to README.md 2024-09-16 18:56:51 +02:00
requirements.txt Files added 2024-09-16 17:17:05 +02:00

README.md

django-oauth2proxy-sample

This is an example for how to use Django with OAuth2 Proxy. See this blog post for details.

To add OpenID Connect authentication to your Django development server, set up a client application in your identity provider, and run the following command:

$ oauth2-proxy \
--cookie-secret=insecure12345678 \
--provider=oidc \
--client-id=dev \
--client-secret=[] \
--redirect-url=http://127.0.0.1:4180/oauth2/callback \
--oidc-issuer-url=https://auth.example.org/realms/testing \
--email-domain="*" \
--code-challenge-method=S256 \
--upstream=http://127.0.0.1:8000

Then, open 127.0.0.1:4180 instead of 127.0.0.1:8000 in your browser, and you'll be asked to sign in before you can access your site.

In addition to setting the proper header for use with OAuth2 Proxy as described in the blog post, myproject.auth.middleware.CustomRemoteUserMiddleware updates the users' is_staff and is_superuser fields based on membership in the group admin, thus allowing users that are members of this group in the identity provider to access the admin.