docs/django.rst
Login / logout views | Login / logout views | ||||
-------------------- | -------------------- | ||||
In order to login / logout a user with OIDC Authorization code flow with PKCE, two | In order to login / logout a user with OIDC Authorization code flow with PKCE, two | ||||
dedicated Django views are available in ``swh-auth``: | dedicated Django views are available in ``swh-auth``: | ||||
- ``oidc-login`` (``/oidc/login/`` URL path): initiate authentication flow | - ``oidc-login`` (``/oidc/login/`` URL path): initiate authentication flow | ||||
- ``oidc-logout`` (``/oidc/logout/`` URL path): terminate OIDC user session, a ``next_path`` | - ``oidc-logout`` (``/oidc/logout/`` URL path): terminate OIDC user session, a ``next`` | ||||
query parameter can be used to redirect to a view of choice once a user is logged out | query parameter can be used to redirect to a view of choice once a user is logged out | ||||
Add ``swh.auth.django.views.urlpatterns`` to your Django application URLs to use them. | Add ``swh.auth.django.views.urlpatterns`` to your Django application URLs to use them. | ||||
Middlewares | Middlewares | ||||
----------- | ----------- | ||||
``swh-auth`` provides the :class:`swh.auth.django.middlewares.OIDCSessionExpiredMiddleware` | ``swh-auth`` provides the :class:`swh.auth.django.middlewares.OIDCSessionExpiredMiddleware` | ||||
middleware. | middleware. | ||||
That middleware detects when a user previously logged in using the OpenID Connect | That middleware detects when a user previously logged in using the OpenID Connect | ||||
authentication backend got his session expired. | authentication backend got his session expired. | ||||
In that case it redirects to a Django view whose name is set in the | In that case it redirects to a Django view whose name is set in the | ||||
``SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW`` Django setting (typically a logout view). | ``SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW`` Django setting (typically a logout view). | ||||
The following query parameter will be set for that view: | The following query parameter will be set for that view: | ||||
- ``next_path``: requested URL before the detection of the OIDC session expiration | - ``next``: requested URL before the detection of the OIDC session expiration | ||||
- ``remote_user``: indicates that the user was previously authenticated with OIDC | - ``remote_user``: indicates that the user was previously authenticated with OIDC | ||||
Minimal application example | Minimal application example | ||||
--------------------------- | --------------------------- | ||||
A sample minimal Django application using all the features mentioned above can be | A sample minimal Django application using all the features mentioned above can be | ||||
found in `swh-auth Django tests tree`_. | found in `swh-auth Django tests tree`_. | ||||
.. _Proof Key for Code Exchange: https://tools.ietf.org/html/rfc7636 | .. _Proof Key for Code Exchange: https://tools.ietf.org/html/rfc7636 | ||||
.. _swh-auth Django tests tree: https://forge.softwareheritage.org/source/swh-auth/browse/master/swh/auth/tests/django/app/apptest/ | .. _swh-auth Django tests tree: https://forge.softwareheritage.org/source/swh-auth/browse/master/swh/auth/tests/django/app/apptest/ |
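Review bot: The ``oidc-logout`` entry and the ``next`` bullet under Middlewares do not say which values are accepted as a redirect target, even though the parameter is described as carrying a "requested URL". The old name ``next_path`` at least implied a local path. With the rename to ``next``, please state whether the value is restricted to same-site paths or whether absolute URLs are followed, since an unvalidated post-logout redirect is an open-redirect vector. The text should also say whether ``next_path`` is still accepted, so that callers with existing links know if they must update them. Minor: "The following query parameter will be set" introduces two items and should read "parameters".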