Django authentication via external provider

Question

I am just learning python and django and I put up a pretty decent website to manage a database and also a search page. The new requirement that I am a bit confused now is that the authentication should be done through an external provider (unknown yet, but probably LDAP or Kerberos Tickets).

My idea was to authenticate the users through this service and if successful add the user to my django created database with syncdb (where I have permissions and groups) and then bypass this user as authenticated to enable them to perform actions in the site.

Does that sound reasonable? Is there an 'accepted' approach to this kind of authentication? I am not sure if I will have to write my own authentication view.

Thanks.

Answer 1

This sounds quite reasonable. There are several ways to achieve this: use a third party library like django-social-auth which handles using third party applications to authenticate users via the Django user model. The other way to do this is to write your own custom backend that uses OAuth2 protocol to authenticate users via a third party application (e.g. Twitter) and saves/authorizes them as a Django user for your application. This might sound difficult but it's quite easy. I wrote an example Django application to demonstrate this functionality as well as provide a tutorial for custom backend authentication. This app/tutorial uses Django 1.5: djangoauth.thecloutenproject.com/

Answer 2

Django has support for hooking up other authentication backends.

I believe that you will have to write your own authentication backend or use a third party backend if you are authenticating through some common interface such as LDAP.

The docs explain how to write an authentication backend here: https://docs.djangoproject.com/en/1.5/topics/auth/customizing/

If you plan on using LDAP, I suggest that you take a look at django-auth-ldap (https://pypi.python.org/pypi/django-auth-ldap).