Settings

This document describes the Django settings that can be used to customize the configuration of mozilla-django-oidc.

OIDC_OP_AUTHORIZATION_ENDPOINT
Default: No default

URL of your OpenID Connect provider authorization endpoint.

OIDC_OP_TOKEN_ENDPOINT
Default: No default

URL of your OpenID Connect provider token endpoint.

OIDC_OP_USER_ENDPOINT
Default: No default

URL of your OpenID Connect provider userinfo endpoint.

OIDC_RP_CLIENT_ID
Default: No default

OpenID Connect client ID provided by your OP.

OIDC_RP_CLIENT_SECRET
Default: No default

OpenID Connect client secret provided by your OP.

OIDC_VERIFY_JWT
Default: True

Controls whether the OpenID Connect client verifies the signature of the JWT tokens.

OIDC_USE_NONCE
Default: True

Controls whether the OpenID Connect client uses nonce verification.

OIDC_VERIFY_SSL
Default: True

Controls whether the OpenID Connect client verifies the SSL certificate of the OP responses.

OIDC_EXEMPT_URLS
Default: []

A list of URL paths or Django view names. These, together with the mozilla-django-oidc URLs, are exempt from ID token renewal by the RenewIDToken middleware.

OIDC_CREATE_USER
Default: True

Enables or disables automatic user creation during authentication.

OIDC_STATE_SIZE
Default: 32

Sets the length of the random string used for OpenID Connect state verification.

OIDC_NONCE_SIZE
Default: 32

Sets the length of the random string used for OpenID Connect nonce verification.

OIDC_REDIRECT_FIELD_NAME
Default: next

Sets the GET parameter used to define the redirect URL after successful authentication.

OIDC_CALLBACK_CLASS
Default: mozilla_django_oidc.views.OIDCAuthenticationCallbackView

Allows you to substitute a custom class-based view to be used as OpenID Connect callback URL.

Note

When using a custom callback view, it is generally a good idea to subclass the default OIDCAuthenticationCallbackView and override the methods you want to change.

OIDC_AUTHENTICATE_CLASS
Default: mozilla_django_oidc.views.OIDCAuthenticationRequestView

Allows you to substitute a custom class-based view to be used as OpenID Connect authenticate URL.

Note

When using a custom authenticate view, it is generally a good idea to subclass the default OIDCAuthenticationRequestView and override the methods you want to change.

OIDC_RP_SCOPES
Default: openid email

The OpenID Connect scopes to request during login.

OIDC_STORE_ACCESS_TOKEN
Default: False

Controls whether the OpenID Connect client stores the OIDC access_token in the user session. The session key used to store the data is oidc_access_token.

By default we want to store as few credentials as possible, so this feature defaults to False and its use is discouraged.

Warning

This feature stores authentication information in the session. If used in combination with Django’s cookie-based session backend, those tokens will be visible in the browser’s cookie store.

OIDC_STORE_ID_TOKEN
Default: False

Controls whether the OpenID Connect client stores the OIDC id_token in the user session. The session key used to store the data is oidc_id_token.

OIDC_AUTH_REQUEST_EXTRA_PARAMS
Default: {}

Additional parameters to include in the initial authorization request.

OIDC_RP_SIGN_ALGO
Default: HS256

Sets the algorithm the IdP uses to sign ID tokens.

OIDC_RP_IDP_SIGN_KEY
Default: None

Sets the key the IdP uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format.

LOGIN_REDIRECT_URL
Default: /accounts/profile

Path to redirect to on successful login. If you don’t specify this, the default Django value will be used.

LOGIN_REDIRECT_URL_FAILURE
Default: /

Path to redirect to on an unsuccessful login attempt.

LOGOUT_REDIRECT_URL
Default: / (Django <= 1.9), None (Django 1.10+)

After the logout view has logged the user out, it redirects to this URL path.

OIDC_OP_LOGOUT_URL_METHOD
Default: '' (will use LOGOUT_REDIRECT_URL)

Function path that returns a URL to redirect the user to after auth.logout() is called.

Changed in version 0.7.0: The function must now take a request parameter.

OIDC_AUTHENTICATION_CALLBACK_URL
Default: oidc_authentication_callback

URL pattern name for OIDCAuthenticationCallbackView. Will be passed to reverse. The pattern can also include a namespace in order to resolve included URLs.
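
As an added example (not part of mozilla-django-oidc or its documentation), the following check audits a dictionary of Django settings against the defaults and warnings described on this page: required settings with no default, the three verification switches, an RSA algorithm without OIDC_RP_IDP_SIGN_KEY, and token storage combined with Django's cookie-based session backend. The function name `audit_oidc_settings`, the sample dictionaries and the `op.example.test` host are assumptions made for illustration.

```python
# Added example (not mozilla-django-oidc code): audit a settings dict against
# the defaults and warnings documented on this page.
DEFAULTS = {
    "OIDC_VERIFY_JWT": True, "OIDC_USE_NONCE": True, "OIDC_VERIFY_SSL": True,
    "OIDC_STORE_ACCESS_TOKEN": False, "OIDC_STORE_ID_TOKEN": False,
    "OIDC_RP_SIGN_ALGO": "HS256", "OIDC_RP_IDP_SIGN_KEY": None,
}
REQUIRED = (  # settings this page lists with "No default"
    "OIDC_OP_AUTHORIZATION_ENDPOINT", "OIDC_OP_TOKEN_ENDPOINT",
    "OIDC_OP_USER_ENDPOINT", "OIDC_RP_CLIENT_ID", "OIDC_RP_CLIENT_SECRET",
)
# Django's cookie-based session backend (value of SESSION_ENGINE)
SIGNED_COOKIES = "django.contrib.sessions.backends.signed_cookies"

def audit_oidc_settings(conf):
    """Return (setting, reason) findings for a dict of Django settings."""
    def get(name):
        return conf.get(name, DEFAULTS.get(name))
    findings = []
    for name in REQUIRED:
        if not conf.get(name):
            findings.append((name, "required, has no default"))
    for name in ("OIDC_VERIFY_JWT", "OIDC_USE_NONCE", "OIDC_VERIFY_SSL"):
        if get(name) is not True:
            findings.append((name, "verification switched off"))
    algo = str(get("OIDC_RP_SIGN_ALGO")).upper()
    if algo.startswith("RS") and not get("OIDC_RP_IDP_SIGN_KEY"):
        findings.append(("OIDC_RP_IDP_SIGN_KEY", "RSA algorithm but no IdP key"))
    for name in ("OIDC_STORE_ACCESS_TOKEN", "OIDC_STORE_ID_TOKEN"):
        if get(name):
            cookie = conf.get("SESSION_ENGINE") == SIGNED_COOKIES
            where = "browser cookie store" if cookie else "session"
            findings.append((name, "token stored in " + where))
    return findings

# Constructed sample settings; op.example.test is a placeholder host.
BASE = {
    "OIDC_OP_AUTHORIZATION_ENDPOINT": "https://op.example.test/authorize",
    "OIDC_OP_TOKEN_ENDPOINT": "https://op.example.test/token",
    "OIDC_OP_USER_ENDPOINT": "https://op.example.test/userinfo",
    "OIDC_RP_CLIENT_ID": "constructed-client-id",
    "OIDC_RP_CLIENT_SECRET": "constructed-secret",
}
WEAK = dict(BASE, OIDC_VERIFY_SSL=False, OIDC_RP_SIGN_ALGO="RS256",
            OIDC_STORE_ACCESS_TOKEN=True, SESSION_ENGINE=SIGNED_COOKIES)

if __name__ == "__main__":
    for setting, reason in audit_oidc_settings(WEAK):
        print(f"{setting}: {reason}")
```

In a real project the dictionary can be built from the uppercase attributes of `django.conf.settings`, and the check run in CI or at start-up so that a verification switch left off after debugging is caught before deployment.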