I am setting up FreeIPA and Keycloak for user authentication for a django webapp. I have set up the client id and client secret in the .bashrc file and have included my path properly in django (the website loads, just not properly).
The error displayed is "We're sorry, Client not found." I figure this may have something to do with setup.
What should I do to fix this and make the ipa/keycloak login show the login fields?
I figured out my answer by looking at the settings from this post: mozilla-django-oidc with keycloak on django 3
These were the two lines I needed to add in my settings.py:
OIDC_RP_CLIENT_ID = 'my_client_id'
OIDC_RP_CLIENT_SECRET = os.environ.get("my_client_secret")
Related
I have a reactjs app that already has a user logged in. I attached a link to the web app that make the user able to access Django admin page, but for now it still requires the user to login.
I'd like to bypass the login as the user is already authenticated when logging into the react app.
How do I bypass the log in page and tell django that this user is already authenticated? What if I still want to get the email from request? where can I access the request object?
EDIT:
I should specify that I would like to check for auth token which I already have in my localStorage, then authenticate the external user directly. If the auth token is not present, I should still hit the django admin login page
EDIT2:
Created a custom page just to deal with Auth0 authentication. But I'm not sure what to do next. The request.user at this point is AnonymousUser which I can't really operate on. There is no way to identify who this is (but I can successfully check if this user has permission)
I plan to create a user and give it superuser permission? Is that the right approach?
EDIT3:
login(request, request.user, backend='django.contrib.auth.backends.RemoteUserBackend')
return HttpResponseRedirect("/my/url")
and i got
'AnonymousUser' object has no attribute '_meta'
Is it part of the auth problem?
You should not "bypass the login" you need to use authorized tokens... to identify that client whos is consuming the API is really you and not the anyone else
The process is really simple, once you send username and password to your backend (django) you will retorn one autorization token to your frontend (react) and every request from your frontend you will add it to header
Use django_rest_framework or something like that (as tastypie)
http://www.django-rest-framework.org/api-guide/authentication/
I know my question sounds like a duplicate, but I've looked everywhere without finding any solution.
I am working on implementing social logins for my django webapp. So far google, twitter and yahoo logins have worked as expected. But facebook always gives the error below:
URL blocked: This redirect failed because the redirect URI is not white-listed in the app's client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs.
After some digging I got to learn how to setup my facebook login properly: Facebook app settings below
App Domains set to domain.ext
Site URL set to https://www.domain.ext/
Valid OAuth Redirect URIs set to https://domain.ext/social/complete/facebook/
I also looked at the redirect url (shown below) and found that it contains a state variable, state=kMQH3TdKSdF8oYGGx7Xri4KgFaEQ9OyU. Full url below
https://www.facebook.com/v2.9/dialog/oauth?client_id=977674249054153&redirect_uri=https%3A%2F%2Fwww.domain.ext%2Fsocial%2Fcomplete%2Ffacebook%2F&state=kMQH3TdKSdF8oYGGx7Xri4KgFaEQ9OyU&return_scopes=true&scope=email%2Cpublic_profile
My facebook login url on my django app is {% url 'social:begin' 'facebook' %} and I have this 'social_core.backends.facebook.FacebookOAuth2' in AUTHENTICATION_BACKENDS
I searched and found there's such issue already on the social-core github page which has been resolved. It says that from v1.7.0, this line REDIRECT_STATE = False has been added to the facebook backend. I dug into the sourcecode and found that to be the case. But my app's url keep sending the state variable and I have no idea why that is the case. Please has someone else encountered this odd behaviour, and if yes how did you go about working it out?
I've spent hours on this issue, but it turns out I only needed to do this Valid OAuth Redirect URIs set to https://www.domain.ext/social/complete/facebook/
Note the www.
Have you tried django-allauth? I find it to be a much better solution. It takes care of third party provider integration for you with builtin support for many providers and custom providers.
I'm using oauth2_provider + rest_framework. I have configured several client applications, and they successfully authenticate and receive access tokens.
I would like to have the client app in the request (Eg. request.client). Perhaps I should create some kind of middleware, which sets it, but I'm not sure what is the proper way to do it. Or maybe this functionality is already provided by the oauth2_provider/oauthlib, and I have overlooked it?
The client should be set when:
a valid access token is provided
valid app credentials are provided (like when requesting access token)
Python v3.5.3, Django v1.10.6
oauth2_provider AccessToken has a foreign key
to the application issued that token
You can get the application form the access token like this: application = request.auth.application
AbstractApplication class has foreign key to settings.AUTH_USER_MODEL https://github.com/evonove/django-oauth-toolkit/blob/0.12.0/oauth2_provider/models.py#L62
So if you are using default Application class you could get the clients by request.user.oauth2_providers_applications
I am trying to build user authentication in Flask app. The authentication needs to be done using the LDAP server. The documentation given on this
link is not very clear. It asks for the LDAP_USERNAME and LDAP_PASSWORD. Is this same as as username and password for a user? I want to fetch this from the login page which I was going to do using request.forms. :
#app.route('/login')
def login():
user = request.form['user_name']
password = request.form['password']
ldap_authenticate_user(user, password)
Has anyone successfully used the Flask-LDAP using flask-simpleldap ?
I wrote flask-simpleldap and just found this, I hope this will be useful for someone. LDAP_USERNAME and LDAP_PASSWORD are the credentials you use to bind to a directory server. It's usually a service account and it's the account that will be used to run queries against the directory server, e.g. search for users/groups, bind a user account etc.
There are some example apps in the github repo that should help you understand a bit better.
I am dabbling a little with Python Django Social Auth using Twitter authentication.
I can login.
But, when I try to log out using django.contrib.auth.logout, it doesn't log out.
What's the way to logout?
Thanks.
Are you trying to log out just from the Django app or do you want to "forget" the Twitter access? Usually the twitter auth token is stored for simplified login the next time a user wants to connect to twitter, so the user doesn't have to "accept" the access again.
Django logout
If you just want to logout from the Django auth system, it should be enough to use the django.contrib.auth.views.logout view or to create a custom logout view.
Social auth disconnect
To completely unlink/disconnect a social account, you need to use the disconnect functions in social-auth. You can get the disconnect url using the following template tag:
{% url "socialauth_disconnect" "backend-name" %}
For more information, please refer to http://django-social-auth.readthedocs.org/en/v0.7.22/configuration.html#linking-in-your-templates.
Force approval prompt
Because you've already allowed your app access to the OAuth provider, the auth provider will remember that decision. There are usually two ways to force a confirmation of that access permission:
Revoke the access permission in the management console of your auth provider (e.g. disapprove twitter app access).
Set an extra OAuth argument that forces the approval prompt. I'm not sure if Twitter provides such a thing, but if you're using Google OAuth2 you can simply add {'approval_prompt': 'force'} to the GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS setting.
Do you have a logout view? You need to have a logout view.
Example:
from django.contrib.auth import logout
def logout_view(request):
logout(request)
# Redirect to a success page.
This answer is outdated as django-social-auth is now python-social-auth
See newer Stack Overflow answer here.
Read the docs here
According to the documentation there is a difference between log out and disconnect. In short,
Disconnect - forget the user social account.
Log out - end the current user session and remove any related data (like cookies).
From the question, I assume you still want to allow the user to have the Twitter linked with the account. If you want to disconnect, check this answer.
To log the user out, you can have in your Django settings.py
LOGOUT_URL = "logout"
Then, in your urls.py
from django.urls import path
from django.contrib.auth import views as auth_views
urlpatterns = [
path("logout/", auth_views.LogoutView.as_view(template_name="registration/logged_out.html"), name="logout"),
]
Then, to log the user out, you can just use in the template something like
Logout
Also, you'll have to create a the logged_out.html file in appname/templates/registration/ and include in it whatever you want the logged out user to see.