Python Django: Accepting JWT

Accepting JWT Tokens from IndustryApps

Configuring your Third-Party Application to accept JWT tokens acquired from IndustryApps

JWT tokens are acquired either from your third-party app's existing authentication system or from IndustryApps' Keycloak authentication configuration.

Keycloak is an open source identity and access management product that provides single sign-on for modern applications and services.

Handling multiple JWT issuers with Django, Python

Multiple JWT issuers for SSO can be handled with the django-allauth package (install it with pip install django-allauth).

In settings.py, add the required allauth configuration if it is not already present.

settings.py
INSTALLED_APPS = [
    ...
    # The following apps are required:
    'django.contrib.auth',
    'django.contrib.messages',
    'django.contrib.sites',

    'allauth',
    'allauth.account',
    'allauth.socialaccount',
    # if allauth is already installed, then keycloak as a provider should be added
    'allauth.socialaccount.providers.keycloak',
]

django-allauth requires the request context processor inside the OPTIONS of the TEMPLATES setting.

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'OPTIONS': {
            'context_processors': [
                # Already defined Django-related contexts here

                # `allauth` needs this from django
                'django.template.context_processors.request',
            ],
        },
    },
]

AUTHENTICATION_BACKENDS inside settings.py should include the following configuration.

AUTHENTICATION_BACKENDS = [
    ...
    # required for login by username in Django admin, regardless of `allauth` config
    'django.contrib.auth.backends.ModelBackend',

    # `allauth` specific authentication methods, such as login by e-mail etc
    'allauth.account.auth_backends.AuthenticationBackend',
    ...
]

As Django Admin uses the auth contrib application, the SSO can be integrated through the python-social-auth setting defined in the settings.py configuration file.

settings.py
SOCIALACCOUNT_PROVIDERS = {
    'keycloak': {
        'KEYCLOAK_URL': "https://iapp-keycloak/auth/realms/iapp-realm",
        'KEYCLOAK_REALM': 'IndustryApps'
    }
}

In urls.py, include the URL patterns for allauth.

urls.py
from django.urls import include, path

urlpatterns = [
    ...
    path('accounts/', include('allauth.urls')),
]
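
The settings above wire up the allauth login flow. As an added example (not IndustryApps' or django-allauth's own code), the sketch below shows the check an application accepting tokens from more than one issuer has to make: choose the verification key from an allow-list keyed by the `iss` claim, pin the algorithm, then check signature, expiry and audience. It assumes HS256 with constructed shared secrets so that it runs on the standard library alone; Keycloak realms normally sign with RS256 and publish the public key through the realm's JWKS endpoint, and the second issuer URL, the audience value and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed allow-list: issuer -> verification settings. The Keycloak issuer is the
# realm URL used on this page; the second issuer, the audience and both secrets are made up.
TRUSTED_ISSUERS = {
    "https://iapp-keycloak/auth/realms/iapp-realm": {"key": b"constructed-keycloak-secret", "aud": "third-party-app"},
    "https://thirdparty.example/auth": {"key": b"constructed-local-secret", "aud": "third-party-app"},
}

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, key):
    """Build a constructed HS256 token for the demonstration."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def verify(token, now=None):
    """Return the claims if the token is valid for a trusted issuer, else raise ValueError."""
    try:
        head_s, body_s, sig_s = token.split(".")
        header, claims = json.loads(_b64d(head_s)), json.loads(_b64d(body_s))
        sig = _b64d(sig_s)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    iss = claims.get("iss")  # read before verification only to select a key from the allow-list
    issuer = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if issuer is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(issuer["key"], f"{head_s}.{body_s}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    aud = claims.get("aud")
    if issuer["aud"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims
```

A token that names one trusted issuer but was signed with another issuer's key fails at the signature step, because each issuer's key is only ever used for tokens carrying that issuer's `iss`.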

Additional information about django-allauth in Django, Python can be found here.
