Django

This document shows how to integrate justpass.me in your Django project.

1. Install the justpassme app

   pip install justpassme-django

2. Add the following to settings.py

   AUTHENTICATION_BACKENDS = (
       'justpass.OIDC_CLIENT.MyOIDCAB',
       'django.contrib.auth.backends.ModelBackend',
   )
    
   SITE_URL = YOUR_SITE_URL
   OIDC_USERNAME_FIELD = "username"
   LOGIN_URL = "/accounts/login/"
    
   OIDC_RP_CLIENT_ID = {{ app.client_id }}
   OIDC_RP_CLIENT_SECRET="{{ app.client_secret }}"
   OIDC_OP_URL= "https://{{ site.domain }}/openid/"
    
   OIDC_RP_SCOPES= "openid"
   OIDC_RP_SIGN_ALGO = '{{ app.jwt_alg }}'
   OIDC_STORE_ID_TOKEN = True
   OIDC_OP_JWKS_ENDPOINT=OIDC_OP_URL  +"jwks"
   OIDC_OP_AUTHORIZATION_ENDPOINT=OIDC_OP_URL + "authorize/"
   OIDC_OP_TOKEN_ENDPOINT = OIDC_OP_URL +"token/"
   OIDC_OP_USER_ENDPOINT = OIDC_OP_URL + "userinfo/"
   OIDC_CALLBACK_CLASS= "justpass.OIDC_CLIENT.OIDCAuthn"
   OIDC_AUTHENTICATE_CLASS = "justpass.OIDC_CLIENT.OIDC_AUTHENTICATE"
    
   # If your application uses SSL.
   USE_X_FORWARDED_HOST = True
   SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    
   # Customize these paths to match your project
   LOGIN_REDIRECT_URL_FAILURE="/justpass/failure/"
   LOGIN_REDIRECT_URL = "/justpass/success/"

3. Add a field to user model to allow detecting the users who registered to justpass.

   justpass_enabled = models.BooleanField(default=False)

   Note: You can name the field anything you like.

4. Write a function to start registration and add it to your urls.py

   def start_reg(request):
       from justpass.helpers import start_reg
       return start_reg(request)

5. Write a function to start login and add it to your urls.py

   Note: The function expects the user username to be in request.session["base_username"]

   def start_login(request):
       from justpass.helpers import start_oidc_sign
       return start_oidc_sign(request)

6. Write two functions that handle the success and failure of registration or login. You can use the two functions below as a reference.

   def success(request):
       op_mode = request.session.pop("OP_MODE")
       platform = request.session.get("AMWALPLATFORM")
       if op_mode == "LOGIN":
           create_session(request, request.session["username"])
           if platform == "app":
               return JsonResponse({
                   "username": request.user.username,
                   "token": request.session.session_key
               })
           return redirect('home')
    
       elif op_mode == "REG":
           request.user.justpass_enabled = True
           request.user.save()
           request.session["reg"]=True
           return redirect('home')
    
   def failure(request):
       op_mode = request.session.pop("OP_MODE")
       if op_mode == "LOGIN":
           return render(request, 'login.html', {"failed": True})
       request.session["reg"]=False
       return redirect('home')