HomeSoftware Heritage

django: Add OIDC Authorization code PKCE authentication backend

Description

django: Add OIDC Authorization code PKCE authentication backend

Add a generic Django authentication backend and related login / logout
views enabling to authenticate a user using Keycloak and the OpenID
Connect authorization code flow with PKCE ("Proof Key for Code Exchange").

The backend can be easily plugged into any django application by:

  • adding "swh.auth.django.backends.OIDCAuthorizationCodePKCEBackend" to the AUTHENTICATION_BACKENDS django setting
  • configuring Keycloak by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings
  • adding swh.auth.django.views.urlpatterns to the django application URLs
  • using the dedicated django views: "oidc-login" and "oidc-logout"

Related to T3150