jebaseelan ravi

Reputation: 225

Authentication in Django Rest framework using django-auth-adfs

I am using the django-auth-adfs python library to authenticate and protect my DRF API. I have registered my app in Azure and have client_id, client_secret and tenant_id. Can someone tell me how to configure the Django REST framework?

I have tried out the following documentation

https://django-auth-adfs.readthedocs.io/en/latest/rest_framework.html
https://django-auth-adfs.readthedocs.io/en/latest/azure_ad_config_guide.html#step-1-register-a-backend-application

My current configuration in settings.py

# client_id, client_secret and tenant_id come from the Azure app registration
AUTHENTICATION_BACKENDS = (
    'django_auth_adfs.backend.AdfsAuthCodeBackend',
    'django_auth_adfs.backend.AdfsAccessTokenBackend',
)

AUTH_ADFS = {
    'AUDIENCE': client_id,
    'CLIENT_ID': client_id,
    'CLIENT_SECRET': client_secret,
    'CLAIM_MAPPING': {'first_name': 'given_name',
                      'last_name': 'family_name',
                      'email': 'upn'},
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'upn',
    'TENANT_ID': tenant_id,
    'RELYING_PARTY_ID': client_id,
}

REST_FRAMEWORK = {  # type: ignore
    # disable this until Azure SSO integration done
    'DEFAULT_PERMISSION_CLASSES': (
        # IsAuthenticatedOrReadOnly lets unauthenticated GET/HEAD/OPTIONS through
        'rest_framework.permissions.IsAuthenticatedOrReadOnly',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'django_auth_adfs.rest_framework.AdfsAccessTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
}

When I try to access my API I get a response back, but it should return an Unauthorised message. When I try to access the /admin page I get the following error:

2022-06-09 08:36:33,718 - INFO - django_auth_adfs - django_auth_adfs loaded settings from ADFS server.
2022-06-09 08:36:33,718 - INFO - django_auth_adfs - operating mode:         openid_connect
......
2022-06-09 08:36:33,719 - DEBUG - django_auth_adfs - django_auth_adfs authentication backend was called but no authorization code was received

Upvotes: 1

Views: 1508

Answers (2)

Arad Soutehkeshan

Reputation: 15

The problem is with the AUDIENCE in your AUTH_ADFS configuration in settings.py. It should look like this:

AUTH_ADFS = {
    'AUDIENCE': [f'api://{client_id}', client_id],
    'CLIENT_ID': client_id,
    'CLIENT_SECRET': client_secret,
    'CLAIM_MAPPING': {'first_name': 'given_name',
                      'last_name': 'family_name',
                      'email': 'upn'
                      },
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'email',
    'TENANT_ID': tenant_id,
    'RELYING_PARTY_ID': client_id,
    'LOGIN_EXEMPT_URLS': [
        '^api',  # Assuming your API is available at /api
    ],
}

Meaning you are missing api://client_id as one of your audiences.

Upvotes: 0
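The two things going on in the question and in the answer above are separate checks: whether the bearer token's `aud` claim matches one of the identifiers the API will accept (what the `AUDIENCE` setting controls), and whether the DRF permission class lets a request through when no user was authenticated (`IsAuthenticatedOrReadOnly` permits GET/HEAD/OPTIONS with no user at all, which is why the asker "gets a response back"). The following is an added, self-contained model of those two decisions; it is not code from django-auth-adfs or Django REST framework. The client ID, token claims and the two `aud` forms (`api://<client_id>` and the bare `client_id`) are constructed for the demo, and signature verification is deliberately left out: a real deployment must verify the RS256 signature against the tenant's published signing keys before trusting any claim, which is what django-auth-adfs does for you.

```python
"""Model of the two checks behind the question: does the bearer token's
``aud`` match what the API serves (django-auth-adfs ``AUDIENCE``), and does
the DRF permission class admit the request.

Added example, stdlib only.  Signature verification is out of scope here and
the tokens carry a dummy signature so that they merely parse; never accept an
unverified token in a real service.
"""
import base64
import json

# Constructed identifiers for the demo, not real tenant or app values.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_token(aud, exp=2_000_000_000) -> str:
    """Build a JWT-shaped token with a dummy signature (demo only)."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"aud": aud, "exp": exp, "upn": "user@example.com"}).encode())
    return f"{header}.{payload}.dummysig"


def claims_of(token: str) -> dict:
    """Decode the payload segment.  Assumes the signature was already verified."""
    _, payload, _ = token.split(".")
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_ok(claims: dict, allowed) -> bool:
    """RFC 7519 s.4.1.3: ``aud`` may be a string or a list; accept the token if
    any value names an identifier this API serves.  Matching exact identifiers
    is what stops a token minted for some other API being replayed here."""
    allowed = [allowed] if isinstance(allowed, str) else list(allowed)
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else list(aud or [])
    return any(a in allowed for a in auds)


def authenticate(token: str, allowed_audiences, now: int):
    """Return the claims if the token is current and addressed to us, else None."""
    claims = claims_of(token)
    if claims.get("exp", 0) <= now:
        return None
    if not audience_ok(claims, allowed_audiences):
        return None
    return claims


def has_permission(method: str, user, permission: str) -> bool:
    """Same rule DRF applies: IsAuthenticatedOrReadOnly admits any safe method
    even with no user; IsAuthenticated requires a user for every method."""
    if permission == "IsAuthenticatedOrReadOnly":
        return method in SAFE_METHODS or user is not None
    if permission == "IsAuthenticated":
        return user is not None
    raise ValueError(f"unknown permission class {permission}")


def decide(method: str, token, allowed_audiences, permission: str, now: int = 1_700_000_000) -> str:
    """End-to-end outcome for one request, as a status-code-like string."""
    user = authenticate(token, allowed_audiences, now) if token else None
    if has_permission(method, user, permission):
        return "200 allowed"
    return "401 unauthorised" if user is None else "403 forbidden"


if __name__ == "__main__":
    v1_style = make_token(f"api://{CLIENT_ID}")  # aud in App ID URI form
    v2_style = make_token(CLIENT_ID)             # aud as the bare client id
    foreign = make_token("api://some-other-api")  # token minted for another API
    both = [f"api://{CLIENT_ID}", CLIENT_ID]

    # The asker's configuration: single audience, read-only permission.
    print("GET, api:// token, AUDIENCE=client_id, ReadOnly:",
          decide("GET", v1_style, CLIENT_ID, "IsAuthenticatedOrReadOnly"))
    # Same token, but requiring authentication for reads too.
    print("GET, api:// token, AUDIENCE=client_id, IsAuthenticated:",
          decide("GET", v1_style, CLIENT_ID, "IsAuthenticated"))
    # Corrected: both audience forms accepted, authentication required.
    print("GET, api:// token, both audiences, IsAuthenticated:",
          decide("GET", v1_style, both, "IsAuthenticated"))
    print("GET, bare-id token, both audiences, IsAuthenticated:",
          decide("GET", v2_style, both, "IsAuthenticated"))
    print("POST, foreign token, both audiences, IsAuthenticated:",
          decide("POST", foreign, both, "IsAuthenticated"))
```

Run it as a script to see the four outcomes side by side: with the asker's settings the `api://` token is rejected by the audience check yet the GET still succeeds because the permission class is read-only, so the visible symptom is "I get a response back"; switching to `IsAuthenticated` turns that into a 401, and listing both audience forms lets the legitimately issued token through while a token addressed to a different API is still refused.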

TomJelf

Reputation: 1

I know I might be late, but for future reference, the guide is incomplete. You have to go into the app in Azure and, in the Authentication section, check "Access tokens".

Upvotes: 0
