Views

Note

When instantiating a view from this library (ie through django’s ‘as_view()’) you must set the named argument op_name to point to a valid DJANGO_PYOIDC settings entry. If you use Providers then this behaviour is automatically implemented.

Here is an example:

from .oidc_providers import my_project_provider

urlpatterns = [
    path("auth/callback", OIDCCallbackView.as_view(op_name="keycloak"),),
]

class django_pyoidc.views.OIDCLoginView(**kwargs: Any)

When receiving a GET request, this views redirects the user to the SSO identified by op_name. This view is named <op_name>-login if you used get_urlpatterns.

This view supports the http query parameter next (ie ?next=http://...) to specify which url the user should be redirected to on success.

First, an OIDC redirection is made to the sso, with a callback (redirection) set to a local url defined by the setting:

oidc_callback_path local path to be redirected after authentication on the sso, to finalize the local auth.

After this somewhat internal redirection where the local auth is validated and the session created, a final redirection will be made. The final redirection behaviour is configured with the following settings :

login_redirection_requires_https controls if non https URIs are accepted.
login_uris_redirect_allowed_hosts controls which hosts the user can be redirected to.
post_login_uri_success defines the redirection URI when no ‘next’ redirect uri were provided in the HTTP request.

class django_pyoidc.views.OIDCCallbackView(**kwargs: Any)

This view only accepts GET request. This is where the identity provider redirects the user in the Authorization Code Flow. Usually, you should not redirect a user manually to this view.

It is named <op_name>-callback if you used get_urlpatterns.

class django_pyoidc.views.OIDCLogoutView(**kwargs: Any)

This view logs out the user, killing it’s session on this service and notifying the identity provider that it has logged-out. It is named <op_name>-logout if you used get_urlpatterns.

It supports both GET and POST http methods.

The response is a redirection to the SSO logout endpoint, if a provider configuration post_logout_redirect_uri exists it as used as post logout redirection argument on the SSO redirection link.

post(request: HttpRequest) → HttpResponse: Log out the user.

post_logout_url(request: HttpRequest) → str: Return the post logout url defined in settings.

class django_pyoidc.views.OIDCBackChannelLogoutView(**kwargs: Any)

This view only accept POST requests. This is where your identity provider notifies the library that we should kill a user session. Usually, you should not redirect a user manually to this view.

It is named <op_name>-backchannel-logout if you used get_urlpatterns.

Providers

Providers classes allows the final user to configure their project without having to understand how to map their Identity Provider configuration settings to this library settings.

Each provider implements the configuration logic and should be used using the provider_class setting.

Tip

Read the tutorial to learn how to use provider class !

Tip

All the named arguments of __init__() can be set by configuring a setting with the same name.

Provider list

class django_pyoidc.providers.KeycloakProvider(keycloak_base_uri: str | None = None, keycloak_realm: str | None = None, *args: Any, op_name: str, **kwargs: Any)

Provide django settings/urlconf based on keycloak behaviour (latest version).

For older Keycloak versions please check the other Keycloak_* providers.

class django_pyoidc.providers.Keycloak18Provider(keycloak_base_uri: str | None = None, keycloak_realm: str | None = None, *args: Any, op_name: str, **kwargs: Any)

Provide Django settings/urlconf based on keycloak behaviour (v18)

get_default_config() → ProviderConfig

Get the default configuration settings for this provider.

This configuration defaults are used to provide default values for OIDCSettings. User can override these defaults by playing with OIDCSettings arguments.

class django_pyoidc.providers.Keycloak17Provider(keycloak_base_uri: str | None = None, keycloak_realm: str | None = None, *args: Any, op_name: str, **kwargs: Any): Provide Django settings/urlconf based on keycloak behaviour (v17)

class django_pyoidc.providers.Keycloak10Provider(keycloak_base_uri: str | None = None, keycloak_realm: str | None = None, *args: Any, op_name: str, **kwargs: Any)

Provide Django settings/urlconf based on keycloak behaviour (v10 to v18)

__init__(keycloak_base_uri: str | None = None, keycloak_realm: str | None = None, *args: Any, op_name: str, **kwargs: Any)

Parameters:: op_name (str) – the name of the sso provider that you are using

get_default_config() → ProviderConfig

Get the default configuration settings for this provider.

This configuration defaults are used to provide default values for OIDCSettings. User can override these defaults by playing with OIDCSettings arguments.

class django_pyoidc.providers.LemonLDAPngProvider(*args: Any, op_name: str, **kwargs: Any)

Provide django settings/urlconf based on LemonLDAP-ng behaviour (latest version).

For older LemonLDAPNg versions please check the other Klemonldapng_* providers.

class django_pyoidc.providers.LemonLDAPng2Provider(*args: Any, op_name: str, **kwargs: Any)

Provide Django settings/urlconf based on LemonLDAP-ng behaviour (v2)

get_default_config() → ProviderConfig

Get the default configuration settings for this provider.

This configuration defaults are used to provide default values for OIDCSettings. User can override these defaults by playing with OIDCSettings arguments.

This is the base Provider class that is used to implement common provider configuration patterns. You should not use this class directly. Instead, you should but subclass it to implement the configuration logic.