Python Django: Accepting JWT
JWT tokens would either be acquired from your Third-Party App’s existing Authentication system or from IndustryApp’s Keycloak authentication configuration.
Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services.
In this case, handling multiple JWT issuers for SSO can be configured by utilising
django-allauth package (i.e pip install django-allauth).Inside
settings.py add in the required config for allauth, if this has not been added already.settings.py
1
INSTALLED_APPS = [
2
...
3
# The following apps are required:
4
'django.contrib.auth',
5
'django.contrib.messages',
6
'django.contrib.sites',
7
8
'allauth',
9
'allauth.account',
10
'allauth.socialaccount',
11
# if allauth is already installed, then keycloak as a provider should be added
12
'allauth.socialaccount.providers.keycloak',
13
]
Django
allauth requires the context request processor, inside OPTIONS.'OPTIONS': {
'context_processors': [
# Already defined Django-related contexts here
# `allauth` needs this from django
'django.template.context_processors.request',
],
AUTHENTICATION_BACKENDS inside settings.py should include the following configuration.AUTHENTICATION_BACKENDS = [
...
# required for login by username in Django admin, regardless of `allauth` config
'django.contrib.auth.backends.ModelBackend',
# `allauth` specific authentication methods, such as login by e-mail etc
'allauth.account.auth_backends.AuthenticationBackend',
...
]
As Django Admin uses the
auth contrib application, the SSO can be integrated through the python-social-auth setting defined in the settings.py configuration file.settings.py
1
SOCIALACCOUNT_PROVIDERS = {
2
'keycloak': {
3
'KEYCLOAK_URL': "https://iapp-keycloak/auth/realms/iapp-realm",
4
'KEYCLOAK_REALM': 'IndustryApps'
5
}
6
}
7
Inside
urls.py be sure to include the url pattern for allauth.urls.py
1
urlpatterns = [
2
....
3
path('accounts/', include('allauth.urls')),
4
]
Last modified 11mo ago