Installation¶
At the command line:
$ pip install mozilla-django-oidc
Warning
We highly recommend to avoid using Django’s cookie-based sessions because they might open you up to replay attacks.
Note
You can find more info about cookie-based sessions in Django’s documentation.
Quick start¶
After installation, you’ll need to configure your site to use mozilla-django-oidc
.
Start by making the following changes to your settings.py
file.
# Add 'mozilla_django_oidc' to INSTALLED_APPS
INSTALLED_APPS = (
# ...
'django.contrib.auth',
'mozilla_django_oidc', # Load after auth
# ...
)
# Add 'mozilla_django_oidc' authentication backend
AUTHENTICATION_BACKENDS = (
# ...
'django.contrib.auth.backends.ModelBackend',
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
# ...
)
Next, edit your urls.py
and add the following:
urlpatterns = patterns(
# ...
url(r'^oidc/', include('mozilla_django_oidc.urls')),
# ...
)
Then you need to add the login link to your Django templates. For example:
<html>
<body>
{% if user.is_authenticated %}
<p>Current user: {{ user.email }}</p>
{% else %}
<a href="{% url 'oidc_authentication_init' %}">Login</a>
{% endif %}
</body>
</html>
You also need to configure some OpenID connect related settings too.
Please add the following to your settings.py
:
OIDC_OP_AUTHORIZATION_ENDPOINT = "<URL of the OIDC OP authorization endpoint>"
OIDC_OP_TOKEN_ENDPOINT = "<URL of the OIDC OP token endpoint>"
OIDC_OP_USER_ENDPOINT = "<URL of the OIDC OP userinfo endpoint>"
OIDC_OP_CLIENT_ID = "<OP issued client id>"
OIDC_OP_CLIENT_SECRET = "<OP issued client secret>"
SITE_URL = "<FQDN that users access the site from eg. http://127.0.0.1:8000/ >"
Finally let your OpenID connect OP know about your callback URL. In our example this is:
http://127.0.0.1:8000/oidc/callback/
.