OpenID Connect provider and client example in Django - Python

I need to build a Django web-app. My web-app needs to support authentication and authorization using OpenID Connect. It is my first time doing this. Is there a free Identity Provider to test my application or do I need to write the provider and the client? My task is to write only the client that connects to the provider. An example would be great or some course/tutorial I can use to learn how to do this.
Maybe there are no good examples in Django, but I know ASP.NET and Java, so those examples could inspire me as well.

There are a bunch of OpenID Connect providers you can use to test your client: you can sign up for a free Auth0 or Okta developer sandbox, download and run IdentityServer locally, or try the OAuth2 Playground.
As for writing the client: please don't write your own. There is a list of libraries from the OpenID Foundation. I've used pyoidc for a non-Django application; you could hook that into your app, or use one of the Django-specific OpenID Connect libraries.

Check out this example using both a provider (a Django app using the django-oidc-provider package) and a client (using JS).
https://django-oidc-provider.readthedocs.io/en/latest/sections/examples.html

Related

Python + Node.js on GAE

I have a Django application deployed on the Google App Engine standard environment. I am interested in server-side rendering of my JS frontend. Can I use Node.js alongside Django on the same GAE? Maybe as a microservice?
What you can do is deploy each of your apps as a separate service in App Engine, and they will work independently as microservices. To do so, make sure to set a service name in the app.yaml file of each of your apps:
service: service-name
Afterwards, you can communicate between your services through an HTTP invocation, such as a user request or a RESTful API call. Code in one service can't directly call code in another service.
Refer to this link for additional information about communicating between your services.
I have come across articles that talk about integrating Python and Node, but I personally haven't done it or seen it done on GAE.
If I were to take a stab, I think you would be looking at something like:
Have the Python app as a service (say it's available on python_service.myapp.appspot.com).
Have your Node.js app as your default service, available on myapp.appspot.com.
Your Node.js app will have a route, and when this route is invoked, you make an HTTP request to the Python service, wait for a response, and then your Node.js app returns that response.
Our app, https://nocommandline.com, is an Electron app (a combo of Node.js & Vue.js). If you purchase a license and try to validate it, we make a call server side, and our server side is Python based. It's not exactly the same thing you're looking at (since our app is not web-based), but this gives you an idea of what I was trying to describe.

Google App Engine Federated Authentication - migrate from OpenID2

We have an application deployed in a production environment running on Google AppEngine with Python 2.7 and NDB.
It uses Federated Authentication via OpenID, implemented according to this article: https://cloud.google.com/appengine/articles/openid
The Users API from AppEngine is used for authentication (e.g. users.get_current_user(), users.create_login_url(federated_identity='https://www.google.com/accounts/o8/id') for Google login, etc.) - exactly as it is described in the main.py under Examples section in the article above.
Recently we are receiving a message during authentication:
OpenID 2.0 for Google accounts is going away.
Developers should migrate to OpenID Connect by April 20, 2015. Learn more.
I see that there is a documentation for "Migrating to OpenID Connect (OAuth 2.0 for login)" at https://developers.google.com/accounts/docs/OpenID#openid-connect
Probably every single person who uses Federated Authentication on AppEngine will face now the problem of migration... and will need to preserve the user data bound to the existing user identifiers which the Users API provides.
We must preserve the usage of Users API - as it is used all over the application.
Does Google plan to offer an alternative to the single line code users.create_login_url(federated_identity='https://www.google.com/accounts/o8/id') on AppEngine to make the port easier?
Is there an example source code of how to migrate the Federated authentication on AppEngine in Python to the new OpenID Connect?
Is there a compatibility layer for Users API with Federated authentication planned to be provided?

Python embedded web server with client authentication

I need to build a Python web server which supports 2 different types of users:
"Super admins", which get full access to the admin panel when they connect using a pre-configured laptop/browser.
Admins, which get limited access to the admin panel and can connect using only a username/password combo.
I'm thinking SSL client authentication is a possible solution for authenticating the technicians.
Note that the web server will be embedded in a product and will not have internet access, so cannot connect to a CA.
Is SSL client authentication a good solution, or is there a simpler, or better option?
Here's what I've found...
CherryPy seems to be a very nice, simple Python web server. However, it does not seem to support client authentication.
M2Crypto seems like a very complete library which supports all forms of SSL authentication; however, I haven't found a detailed example of how to set up a Python web server using M2Crypto for SSL client authentication.
pyOpenSSL seems to be dead.
I also found a recipe which explains how to set up a Python web server with SSL. However...
"With this recipe, only the server is authenticated while the client remains unauthenticated (i.e. the server will not request a client certificate)."
Source : http://code.activestate.com/recipes/442473-simple-http-server-supporting-ssl-secure-communica/
Can someone point me in the right direction or link to a well documented implementation of what I'm trying to do?
Thank you :)
Take a look at the Twisted libraries: http://twistedmatrix.com/documents/current/core/examples/index.html
There are simple echoserv_ssl and echoclient_ssl examples in the link as well.
Optionally, bundle apache + any web framework and you're golden. There are loads of articles online about small embedded web servers.
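
An added example for the question above, not taken from the question or its answers: the two-tier scheme sketched with Python's standard ssl and http.server modules rather than the libraries named in the thread. The server requests a client certificate without requiring it, trusts only a private CA file stored on the device (so no online CA is needed), and falls back to HTTP Basic credentials for limited admins. The file names, the CN allowlist and the password record are constructed assumptions.

```python
import base64, hashlib, hmac, ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed, constructed values: CN allowlist, salt and one password record.
SUPER_ADMIN_CNS = {"tech-laptop-01"}
SALT = b"constructed-salt"
ADMIN_PW = {"admin": hashlib.pbkdf2_hmac("sha256", b"example-password", SALT, 100_000)}

def make_context():
    """TLS server context that requests, but does not require, a client cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_OPTIONAL  # a presented cert must still verify
    return ctx

def common_name(peercert):
    """Subject CN from the dict returned by SSLSocket.getpeercert()."""
    subject = (peercert or {}).get("subject", ())
    return next((v for rdn in subject for k, v in rdn if k == "commonName"), None)

def role_for(peercert, auth_header=""):
    """Return 'super_admin' (verified cert), 'admin' (password) or None."""
    if common_name(peercert) in SUPER_ADMIN_CNS:
        return "super_admin"
    try:
        scheme, _, blob = auth_header.partition(" ")
        user, _, pw = base64.b64decode(blob).decode().partition(":")
    except ValueError:  # malformed header: treat as unauthenticated
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)
    ok = scheme == "Basic" and hmac.compare_digest(ADMIN_PW.get(user, b""), candidate)
    return "admin" if ok else None

class AdminPanel(BaseHTTPRequestHandler):
    def do_GET(self):
        role = role_for(self.connection.getpeercert(), self.headers.get("Authorization", ""))
        self.send_response(200 if role else 401)
        if not role:
            self.send_header("WWW-Authenticate", 'Basic realm="admin"')
        self.end_headers()
        self.wfile.write((role or "login required").encode())

def serve(port=8443):
    httpd = HTTPServer(("0.0.0.0", port), AdminPanel)
    ctx = make_context()
    ctx.load_cert_chain("server.pem", "server.key")    # assumed file names
    ctx.load_verify_locations(cafile="client-ca.pem")  # private CA kept on the device
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()
```

With CERT_OPTIONAL a client that presents a certificate not signed by the device's CA fails the handshake, while a client that presents none connects and getpeercert() returns None, which sends it down the password path.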

How to implement OAuth2 server with CherryPy?

I am using CherryPy serving up information through a web service. I want to restrict access to some of the functions utilizing OAuth2. I see an example of an OAuth2 server at https://github.com/simplegeo/python-oauth2/blob/master/example/server.py , however, it utilizes its own webserver. How can I integrate this with adding support to CherryPy?
Here is a CherryPy example application which uses it: https://bitbucket.org/Lawouach/twiseless/src

Is it possible to install SSL on Google app engine for iPhone application?

I am using the Python language for a Google App Engine based iPhone application. I want to install/access SSL in Python. I am unable to find a way to install/enable it in the Python file. Please guide me on how I can make my application connect over SSL, as I want to enable Apple push notification services on my application. It's urgent.
See the App Engine Python documentation on setting up secure URLs. Note that this will only work when accessed via your appspot.com domain - it's not possible to have SSL on a custom domain through App Engine, currently.
Nick Johnson has already provided a link and mentioned that this functionality is not currently available on your domain (only on apps running on Google's hotspot domain).
Obviously, most developers need their apps to run on their own domains, so this is a very highly requested feature. Fortunately, Google has recently added this feature to their GAE roadmap indicating that it will be available soon. Unfortunately, we don't know what 'soon' means.
