How can I access OpenId Connect endpoints in a django + oauth environment?
I'm trying to set up a Django (3.2.5) env with OAuth v2 + OpenId Connect using django-oauth-toolkit (1.5.0). I was able to follow the tutorials, which means that I have OAuth support. I'm able to get OAuth tokens, and protect endpoints with them.
But when I try to configure OpenId Connect, I'm unable to access the `o/.well-known/...` endpoints; they simply are not registered. I get an HTTP 404, and the debug page shows that Django only knows about `o/authorize/`, `o/token/`, and `o/revoke-token/`. The OpenId Connect section seems to imply I don't need to do anything else but enable OpenId for those views to appear.
My `urls.py` looks like:
```python
oauth2_endpoint_views = [
    path('authorize/', oauth2_views.AuthorizationView.as_view(), name="authorize"),
    path('token/', oauth2_views.TokenView.as_view(), name="token"),
    path('revoke-token/', oauth2_views.RevokeTokenView.as_view(), name="revoke-token"),
]
urlpatterns = [
    path('admin/', admin.site.urls),
    re_path('^accounts/', admin.site.urls),
    path('o/', include((oauth2_endpoint_views, 'oauth2_provider'), namespace="oauth2_provider")),
    path('api/hello', ApiEndpoint.as_view()),  # an example protected resource endpoint
    path('api/secret', secret_page, name='secret'),  # requires authentication
]
```
As a part of OAuth config I already
- Added `oauth2_provider` to `settings.INSTALLED_APPS`.
- Added `oauth2_provider.middleware.OAuth2TokenMiddleware` to `settings.MIDDLEWARE`.
- Added `django.contrib.auth.backends.ModelBackend`, `oauth2_provider.backends.OAuth2Backend`, `django.contrib.auth.backends.ModelBackend` to `settings.AUTHENTICATION_BACKENDS`.
- Since this is a testing env, `CORS_ORIGIN_ALLOW_ALL` is set to `True`.
- Added `path('o/', include((oauth2_endpoint_views, 'oauth2_provider'), namespace="oauth2_provider"))` to `urls`.
- Registered an OAuth client of type confidential and authorization grant type Authorization Code, no OIDC support for OAuth tests, RSA for OIDC tests.

and OAuth is working as expected.
As a part of OpenId Connect I
- Generated RSA private and public key.
- Added an RSA appropriate `OAUTH2_PROVIDER` config into `settings`.
- Set `DEBUG = False` in `settings`.
- Set client algorithm to RSA for OIDC tests.

I didn't register any extra urls, since (i) I don't know what to register and (ii) there's no indication I should do anything else.
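
Once the `.well-known` endpoints respond, their output is worth checking before clients rely on it. The following is an added example, not code from the question, the answer, or django-oauth-toolkit: it inspects an already-fetched and parsed discovery document and JWKS for missing required fields, endpoints outside the issuer origin, and RSA private parameters published by mistake. The host `idp.example.test`, the sample documents, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
RSA_PRIVATE_FIELDS = {"d", "p", "q", "dp", "dq", "qi"}  # must never appear in a JWKS

def check_discovery(doc, expected_issuer):
    """Return findings for a parsed openid-configuration document."""
    findings = [f"missing field: {name}" for name in REQUIRED if name not in doc]
    if doc.get("issuer") != expected_issuer:
        findings.append("issuer does not match the expected issuer")
    origin = tuple(urlsplit(expected_issuer)[:2])  # (scheme, host[:port])
    for name, value in doc.items():
        is_url_field = name.endswith("_endpoint") or name == "jwks_uri"
        if is_url_field and tuple(urlsplit(str(value))[:2]) != origin:
            findings.append(f"{name} is outside the issuer origin: {value}")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        findings.append("RS256 is not advertised for ID tokens")
    return findings

def check_jwks(jwks):
    """Return findings for a parsed JWKS document."""
    keys = jwks.get("keys", [])
    findings = [] if any(k.get("kty") == "RSA" for k in keys) else ["no RSA key published"]
    for key in keys:
        leaked = sorted(RSA_PRIVATE_FIELDS & key.keys())
        if leaked:
            findings.append(f"key {key.get('kid')} exposes private parameters: {leaked}")
        if not key.get("kid"):
            findings.append("key without a kid")
    return findings

# Constructed sample data: hypothetical host, placeholder key material.
ISSUER = "https://idp.example.test/o"
GOOD_DOC = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize/",
    "token_endpoint": ISSUER + "/token/",
    "jwks_uri": ISSUER + "/.well-known/jwks.json",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD_JWKS = {"keys": [{"kty": "RSA", "kid": "k1", "n": "placeholder", "e": "AQAB",
                      "d": "placeholder"}]}

if __name__ == "__main__":
    print(check_discovery(GOOD_DOC, ISSUER))
    print(check_jwks(BAD_JWKS))
```
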
The url declaration must be: