Settings¶
This document describes the Django settings that can be used to customize the configuration
of mozilla-django-oidc
.
-
SITE_URL
¶ Default: No default URL that users access your site from. Make sure that you provide the protocol, domain, path and port if needed (e.g.
<protocol>://<domain>:<port>/<path>
)Note
This does not have to be a publicly accessible URL, so local URLs like
http://localhost:8000
orhttp://127.0.0.1
are acceptable as long as they match what you are using to access your site.
-
OIDC_OP_AUTHORIZATION_ENDPOINT
¶ Default: No default URL of your OpenID Connect provider authorization endpoint.
-
OIDC_OP_TOKEN_ENDPOINT
¶ Default: No default URL of your OpenID Connect provider token endpoint
-
OIDC_OP_USER_ENDPOINT
¶ Default: No default URL of your OpenID Connect provider userinfo endpoint
-
OIDC_RP_CLIENT_ID
¶ Default: No default OpenID Connect client ID provided by your OP
-
OIDC_RP_CLIENT_SECRET
¶ Default: No default OpenID Connect client secret provided by your OP
-
OIDC_VERIFY_JWT
¶ Default: True
Controls whether the OpenID Connect client verifies the signature of the JWT tokens
-
OIDC_USE_NONCE
¶ Default: True
Controls whether the OpenID Connect client uses nonce verification
-
OIDC_VERIFY_SSL
¶ Default: True
Controls whether the OpenID Connect client verifies the SSL certificate of the OP responses
-
OIDC_EXEMPT_URLS
¶ Default: []
This is a list of url paths or Django view names. This plus the mozilla-django-oidc urls are exempted from the id token renewal by the
RenewIDToken
middleware.
-
OIDC_CREATE_USER
¶ Default: True
Enables or disables automatic user creation during authentication
-
OIDC_STATE_SIZE
¶ Default: 32
Sets the length of the random string used for OpenID Connect state verification
-
OIDC_NONCE_SIZE
¶ Default: 32
Sets the length of the random string used for OpenID Connect nonce verification
-
OIDC_REDIRECT_FIELD_NAME
¶ Default: next
Sets the GET parameter that is being used to define the redirect URL after succesful authentication
-
OIDC_CALLBACK_CLASS
¶ Default: mozilla_django_oidc.views.OIDCAuthenticationCallbackView
Allows you to substitute a custom class-based view to be used as OpenID Connect callback URL.
Note
When using a custom callback view, it is generally a good idea to subclass the default
OIDCAuthenticationCallbackView
and override the methods you want to change.
-
LOGIN_REDIRECT_URL
¶ Default: /accounts/profile
Path to redirect to on successful login. If you don’t specify this, the default Django value will be used.
-
LOGIN_REDIRECT_URL_FAILURE
¶ Default: /
Path to redirect to on an unsuccessful login attempt.
-
LOGOUT_REDIRECT_URL
¶ Default: /
(Django <= 1.9)None
(Django 1.10+)After the logout view has logged the user out, it redirects to this url path.