Added JWT authentication to views.py through use of a settings file. …

…New settings: USE_JWT and FRONTEND_URL. Added django-rest-auth to setup.py
Wombatpm · Sep 11, 2018 · 27e2a0e · 27e2a0e
1 parent 4071492
commit 27e2a0e
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/README.rst b/README.rst
@@ -147,6 +147,8 @@ How to use?
             'ASSERTION_URL': 'https://mysite.com', # Custom URL to validate incoming SAML requests against
             'ENTITY_ID': 'https://mysite.com/saml2_auth/acs/', # Populates the Issuer element in authn request
             'NAME_ID_FORMAT': FormatString, # Sets the Format property of authn NameIDPolicy element
+            'USE_JWT': False, # Set this to True if you are running a Single Page Application (SPA) with Django Rest Framework (DRF), and are using JWT authentication to authorize client users
+            'FRONTEND_URL': 'https://myfrontendclient.com', # Redirect URL for the client if you are using JWT auth with DRF. See explanation below
         }
 
 #. In your SAML2 SSO identity provider, set the Single-sign-on URL and Audience
@@ -187,6 +189,12 @@ behind a reverse proxy.
 **NAME_ID_FORMAT** Set to the string 'None', to exclude sending the 'Format' property of the 'NameIDPolicy' element in authn requests.
 Default value if not specified is 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'.
 
+**USE_JWT** Set this to the boolean True if you are using Django Rest Framework with JWT authentication
+
+**FRONTEND_URL** If USE_JWT is True, you should set the URL of where your frontend is located (will default to DEFAULT_NEXT_URL if you fail to do so). Once the client is authenticated through the SAML/SSO, your client is redirected to the FRONTEND_URL with the user id (uid) and JWT token (token) as query parameters.
+Example: 'https://myfrontendclient.com/?uid=<user id>&token=<jwt token>'
+With these params your client can now authenticate will server resources.
+
 Customize
 =========
 

diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py
@@ -22,6 +22,8 @@
 from django.http import HttpResponseRedirect
 from django.utils.http import is_safe_url
 
+from rest_auth.utils import jwt_encode
+
 
 # default User or custom User. Now both will work.
 User = get_user_model()
@@ -178,6 +180,16 @@ def acs(r):
     else:
         return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
 
+    if settings.SAML2_AUTH['USE_JWT']:
+        # We use JWT auth send token to frontend
+        jwt_token = jwt_encode(target_user)
+        query = '?uid={}&token={}'.format(target_user.id, jwt_token)
+
+        frontend_url = settings.SAML2_AUTH.get(
+            'FRONTEND_URL', next_url)
+
+        return HttpResponseRedirect(frontend_url+query)
+
     if is_new_user:
         try:
             return render(r, 'django_saml2_auth/welcome.html', {'user': r.user})

diff --git a/setup.py b/setup.py
@@ -61,6 +61,7 @@
     packages=find_packages(),
 
     install_requires=['pysaml2>=4.5.0',
-                      'djangorestframework-jwt'],
+                      'djangorestframework-jwt',
+                      'django-rest-auth', ],
     include_package_data=True,
 )