studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(backend) support Authorization code flow

Browse Source 
Integrate 'mozilla-django-oidc' dependency, to support
Authorization Code flow, which is required by Agent Connect.

Thus, we provide a secure back channel OIDC flow, and return
to the client only a session cookie.

Done:
- Replace JWT authentication by Session based authentication in DRF
- Update Django settings to make OIDC configurations easily editable
- Add 'mozilla-django-oidc' routes to our router
- Implement a custom Django Authentication class to adapt
'mozilla-django-oidc' to our needs

'mozilla-django-oidc' routes added are:
- /authenticate
- /callback (the redirect_uri called back by the Idp)
- /logout
This commit is contained in:
Lebaud Antoine
2024-02-15 11:00:30 +01:00
committed by aleb_the_flash
parent ec28c28d47
commit 38c4d33791
11 changed files with 335 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/pyproject.toml
View File

@@ -35,7 +35,6 @@ dependencies = [
"django-storages==1.14.2",
"django-timezone-field>=5.1",
"django==5.0.2",
"djangorestframework-simplejwt[crypto]==5.3.1",
"djangorestframework==3.14.0",
"drf_spectacular==0.27.1",
"dockerflow==2024.1.0",
@@ -50,6 +49,7 @@ dependencies = [
"sentry-sdk==1.40.4",
"url-normalize==1.4.3",
"whitenoise==6.6.0",
"mozilla-django-oidc==4.0.0",
]
[project.urls]