Django Auth Framework

An open source, one-stop authentication framework for Django and ready for production.

Table of Contents

1. About The Project
   • Built With
   • Features
2. Getting Started
   • Installation
   • Configurations
3. API Endpoints and Examples
4. Contributing
5. License

About The Project

Django Auth Framework is an open source, one-stop framework for Django applications providing the most essential APIs for authentication and authorization. APIs also cover Oauth2 protocol, social login and user management with options allows to easily customize and override for working on most scenarios. It supports multiple authentication ways to make your auth server scalable from a monolithic server using Token/Session authentication to service mesh such like Istio on Kubernetes Cluster with JWT authentication.

This framework was originally developed by me to help Django projects in our company fast setup. Now, it has scaled our service over a million users. I am happy to open soucre this project, hope it is helpful in your projects or startups

Built With

• Django OAuth Toolkit
• Django REST framework

Features

• Production-ready, optimized by reducing unnecessary queries write to db during authentication and authorization.
• Extends Django OAuth Toolkit's default Oauth2Validator to allow authorization with multiple types of credentials like email, phone number.
• Pure RESTFUL API endpoints implemented with Django REST framework, this framework doesn't use any traditional Django components(eg: forms, html).
• Supports the most popular social login(Google,Apple and Facebook) followed by up to date guidelines, users at frontend can be authorized by either id_token, code or access_token.
• NO FULL DOCUMENTATION atm.

Getting Started

To get a local copy up and running follow these simple steps.

Installation

pip install django-auth-framework

Configurations

1. Edit settings.py file:

    #in your my_auth/models.py
     # from auth_framework.models import AbstractUser
     # class MyUser(AbstractUser):
     #     custom_fields ...
    AUTH_USER_MODEL = 'my_auth.MyUser'

   or just try with

    AUTH_USER_MODEL = 'auth_framework.User'

   add required apps and configuration for rest_framework:

   # ...
   REQUIRED_APPS = [
        'rest_framework',
        'oauth2_provider',
        'auth_framework',
   ]
   LOCAL_APPS = [
        'my_auth'
   ]
   INSTALLED_APPS += REQUIRED_APPS
   INSTALLED_APPS += LOCAL_APPS
    # ...
    REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
        'rest_framework.authentication.SessionAuthentication',
   
    ),
    }

   if you need other unique fields: email or phone_number not justusernameas credentials:

    AUTHENTICATION_BACKENDS = [
        "auth_framework.backends.auth_backends.AuthenticationBackend",
    ]
    
    OAUTH2_PROVIDER = {
        "OIDC_ENABLED": True,
        "OIDC_RSA_PRIVATE_KEY": os.environ.get('OIDC_RSA_PRIVATE_KEY'),
        'SCOPES': {
            "openid": "OpenID Connect scope",
            'read': 'Read scope',
            'write': 'Write scope',
        },
        'OAUTH2_VALIDATOR_CLASS': 'auth_framework.oauth.oauth2_validators.OauthValidator',
        'OAUTH2_BACKEND_CLASS': 'auth_framework.oauth.oauth2_backends.OAuthLibCore',
    }

2. Edit the urls.py:

   from django.contrib import admin
   from django.urls import path, include
   
   urlpatterns = [
      path('admin/', admin.site.urls),
      path('account/', include('auth_framework.urls'))
   ]
    

3. Sync Database and createsuperuser:

   python manage.py migrate
   python manage.py createsuperuser

4. Login to the admin page http://localhost:8000/admin/oauth2_provider/application/add/ and add a default Application. if it's only open to your first party apps, then just choose Resource owner password-based as the grant type (No one likes to login with password but still having a redirect web page on a native app)

5. [Optional] Configure of Social Adapters: in most scenarios, you only need to create one client id/secret for each social provider. For security and performance, it will look up those environment variables during making Oauth request calls instead of creating many key pairs to the database:

   GOOGLE_CLIENT_ID=*********.apps.googleusercontent.com
   GOOGLE_CLIENT_SECRET=**********
   FACEBOOK_CLIENT_ID=**********
   FACEBOOK_CLIENT_SECRET=**************
   APPLE_CLIENT_ID=com.team.project
   APPLE_CLIENT_SECRET=**************

   If this is not your thing, consider to use allauth-django

API Endpoints and Examples

Postman

Contributing

If you have improvements to Django Auth Framework, just send a pull request:

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

Or leave a comment in our Issues

License

Distributed under the BSD License. See LICENSE for more information.