Django + django-oauth-toolkit: How to Register OpenIdConnect Endpoints?


How can I access OpenId Connect endpoints in a django + oauth environment?

I'm trying to set up a Django (3.2.5) env with OAuth v2 + OpenId Connect using django-oauth-toolkit (1.5.0). I was able to follow the tutorials, which means that I have oauth support. I'm able to get Oauth tokens, and protect endpoints with them.

But when I try to configure OpenId Connect, I'm unable to access o/.well-known/... end-points, they simply are not registered. I get an HTTP 404, and the debug page shows that django only knows about o/authorize/, o/token/, and o/revoke-token/. The OpenId Connect section seems to imply I don't need to do anything else but enable OpenId for those views to appear.

My urls.py looks like:

from django.contrib import admin
from django.urls import include, path, re_path
from oauth2_provider import views as oauth2_views
# ApiEndpoint and secret_page are the project's own views (imported from the app's views module)

oauth2_endpoint_views = [
    path('authorize/', oauth2_views.AuthorizationView.as_view(), name="authorize"),
    path('token/', oauth2_views.TokenView.as_view(), name="token"),
    path('revoke-token/', oauth2_views.RevokeTokenView.as_view(), name="revoke-token"),
]

urlpatterns = [
    path('admin/', admin.site.urls),
    re_path('^accounts/', admin.site.urls),
    path('o/', include((oauth2_endpoint_views, 'oauth2_provider'), namespace="oauth2_provider")),
    path('api/hello', ApiEndpoint.as_view()),  # an example protected resource endpoint
    path('api/secret', secret_page, name='secret'),  # requires authentication
]

As a part of OAuth config I already

  • Added oauth2_provider to settings.INSTALLED_APPS.
  • Added oauth2_provider.middleware.OAuth2TokenMiddleware to settings.MIDDLEWARE.
  • Added django.contrib.auth.backends.ModelBackend, oauth2_provider.backends.OAuth2Backend, django.contrib.auth.backends.ModelBackend to settings.AUTHENTICATION_BACKENDS.
  • Since this is a testing env, CORS_ORIGIN_ALLOW_ALL is set to True.
  • Added path('o/', include((oauth2_endpoint_views, 'oauth2_provider'), namespace="oauth2_provider")) to urls.
  • Registered an OAuth client of type confidential and authorization grant type Authorization Code, no OIDC support for oauth tests, RSA for OIDC tests.

and OAuth is working as expected.

As a part of OpenId Connect I

  • Generated RSA private and public key.
  • Added an RSA appropriate OAUTH2_PROVIDER config into settings.
  • Set DEBUG = False in settings.
  • Set client algorithm to RSA for OIDC tests.

I didn't register any extra urls, since (i) I don't know what to register and (ii) there's no indication I should do anything else.


There are 2 best solutions below


The url declaration must be:

# Configuration according to the tutorial; this should be omitted
#oauth2_endpoint_views = [
#    path('authorize/', oauth2_views.AuthorizationView.as_view(), name="authorize"),
#    path('token/', oauth2_views.TokenView.as_view(), name="token"),
#    path('revoke-token/', oauth2_views.RevokeTokenView.as_view(), name="revoke-token"),
#]

urlpatterns = [
    ...
    # configuration according to the tutorial, which OMITS OIDC
    #path('o/', include((oauth2_endpoint_views, 'oauth2_provider'), namespace="oauth2_provider")),
    # This is the proper configuration, which enables OIDC:
    # oauth2_provider.urls includes the discovery, jwks and userinfo routes
    path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
    ...
]

These can also be overridden and modified as required.

# OIDC routes, placed inside the same list that is included under 'o/'
path('.well-known/openid-configuration/', ConnectDiscoveryInfoView.as_view(), name='oidc-connect-discovery-info'),
path('userinfo/', UserInfoView.as_view(), name='user-info'),
# the toolkit serves the key set at .well-known/jwks.json (the original post had "jwks.info")
path('.well-known/jwks.json', JwksInfoView.as_view(), name='jwks-info'),

Add these to URLS. Import the views like this:

from oauth2_provider.views import ConnectDiscoveryInfoView, UserInfoView, JwksInfoView

This also requires one to set OIDC as true and set a key if RSA Algo is required.

OAUTH2_PROVIDER = {
    "OIDC_ENABLED": True,
    # get_private_key() is a helper of your own that returns the RSA private key as a PEM string
    "OIDC_RSA_PRIVATE_KEY": get_private_key(),
}
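Once the discovery, jwks and userinfo routes are registered, the next thing a practitioner wants is a check that the served `.well-known/openid-configuration` document is sane before pointing clients at it. The following is an added example, not code from the question, either answer, or django-oauth-toolkit: it validates a discovery document against the fields OpenID Connect Discovery requires and flags the configuration mistakes that matter for relying parties (issuer mismatch, endpoints outside the issuer, a non-https issuer, and advertising the `none` signing algorithm). The two sample documents are constructed for the example; the hostnames and the `/o` prefix are assumptions.

```python
import json
from urllib.parse import urlparse

# Metadata fields that OpenID Connect Discovery 1.0 marks REQUIRED
REQUIRED_FIELDS = (
    "issuer",
    "authorization_endpoint",
    "token_endpoint",
    "jwks_uri",
    "response_types_supported",
    "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

# URL-valued fields that relying parties will contact; all of them should sit under the issuer
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def check_discovery(doc, expected_issuer):
    """Return a list of problems found in a parsed discovery document (empty list means OK)."""
    problems = []

    for field in REQUIRED_FIELDS:
        if field not in doc:
            problems.append(f"missing required field: {field}")

    issuer = doc.get("issuer")
    if issuer is not None:
        # The issuer must match what the relying party was configured with,
        # otherwise every ID token's "iss" claim will fail validation.
        if issuer != expected_issuer:
            problems.append(f"issuer mismatch: got {issuer!r}, expected {expected_issuer!r}")
        if urlparse(issuer).scheme != "https":
            problems.append("issuer is not https (only acceptable in a local test environment)")
        # Endpoints hosted elsewhere are a sign of a misconfigured or spoofed document.
        prefix = issuer.rstrip("/") + "/"
        for field in ENDPOINT_FIELDS:
            url = doc.get(field)
            if url and not url.startswith(prefix):
                problems.append(f"{field} is not under the issuer: {url}")

    # "none" means unsigned ID tokens would be accepted as valid; never advertise it.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("id_token_signing_alg_values_supported advertises 'none'")

    return problems


def check_discovery_json(text, expected_issuer):
    """Convenience wrapper for a raw HTTP body, as returned by the .well-known endpoint."""
    return check_discovery(json.loads(text), expected_issuer)


# Constructed sample resembling a healthy document served under the 'o/' prefix.
GOOD_DOC = {
    "issuer": "https://auth.example.test/o",
    "authorization_endpoint": "https://auth.example.test/o/authorize/",
    "token_endpoint": "https://auth.example.test/o/token/",
    "userinfo_endpoint": "https://auth.example.test/o/userinfo/",
    "jwks_uri": "https://auth.example.test/o/.well-known/jwks.json",
    "response_types_supported": ["code", "token", "id_token", "code token", "code id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256", "HS256"],
    "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
}

# Constructed sample with the mistakes the checker is meant to catch.
BAD_DOC = {
    "issuer": "http://localhost:8000/o",
    "authorization_endpoint": "http://localhost:8000/o/authorize/",
    "token_endpoint": "http://other-host:8000/o/token/",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256", "none"],
}


if __name__ == "__main__":
    for name, doc, issuer in (("good", GOOD_DOC, "https://auth.example.test/o"),
                              ("bad", BAD_DOC, "http://localhost:8000/o")):
        found = check_discovery_json(json.dumps(doc), issuer)
        print(name, "->", "OK" if not found else "; ".join(found))
```

In practice you would feed `check_discovery_json` the body fetched from `https://<host>/o/.well-known/openid-configuration/` and the issuer value your relying party is configured with; a non-empty result means the URL registration or the `OAUTH2_PROVIDER` settings still need attention before clients are pointed at the provider.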