It's often inconvenient to install from git (like while building docker images where no one normally install git). Release a PyPi package please.

Hi. I came here from stackoverflow, I‘ve glanced README, Is my understanding correct:
django-rest-framework-sso is a simplified version of oauth2, and since oauth2 basiclly
focus on authorization, django-rest-framework-sso also contains authentication feature?

Hello, How do the logout made in oher service?

hi I'm trying to make SSO in my projects can you and I'm new on this can you give me some basic examples of how to do it probably

Encoding is being done with private key and key_id in header is actually private key path, But when payload needed to decoded in AuthorizationView, key_id is fetched from header and for decoding, public key is needed to get form get_public_key_and_key_id in keys.py. Now the key_id passed to this function is private_key_id and we are expecting to get public key. So that's why it throws error.

REST_FRAMEWORK_SSO = {
'CREATE_SESSION_PAYLOAD': 'rest_framework_sso.utils.create_session_payload',
'CREATE_AUTHORIZATION_PAYLOAD': 'rest_framework_sso.utils.create_authorization_payload',
'ENCODE_JWT_TOKEN': 'rest_framework_sso.utils.encode_jwt_token',
'DECODE_JWT_TOKEN': 'rest_framework_sso.utils.decode_jwt_token',
'AUTHENTICATE_PAYLOAD': 'rest_framework_sso.utils.authenticate_payload',
'ENCODE_ALGORITHM': 'RS256',
'DECODE_ALGORITHMS': None,
'VERIFY_SIGNATURE': True,
'VERIFY_EXPIRATION': True,
'VERIFY_SESSION_TOKEN': True,
'EXPIRATION_LEEWAY': 0,
'SESSION_EXPIRATION': None,
'AUTHORIZATION_EXPIRATION': datetime.timedelta(seconds=300),
'IDENTITY': 'authserver',
'SESSION_AUDIENCE': ['authserver'],
'AUTHORIZATION_AUDIENCE': ['authserver'],
'ACCEPTED_ISSUERS': ['authserver'],
'KEY_STORE_ROOT': None,
'PUBLIC_KEYS': {
    'authserver': 'authserver/public_key.pem'
},
'PRIVATE_KEYS': {
    'authserver': 'authserver/private_key.pem'
},

'AUTHENTICATE_HEADER': 'JWT',
}

When trying to add the Custom class as given in the README, I get this error.
Also, the current branch does not have this anywhere in the code. Is this an external library Mixin?

Hi,
I have a microservice Django system in which I run celery tasks. The thing is that one of my celery tasks calls a function that
makes a request to another microservice and it has no knowledge of the current "Authentication" Header.

It is supposed to run in the background even when the session is terminated.

I tried to create a token using your functions before executing the request. But o success.

Any ideas?

I am having a challenge on the authorization token side. Here's what I have so far with 2 apps:

Primary login app:

I am able to get the token after the POST of username and password.

"Other app":

Replaying that token on the "Other app" I get:

"detail": "Unauthorized token signing key."

What is this message telling me and how can I debug this further?

Thanks!

I set:

"SESSION_EXPIRATION": timedelta(days=1)

But SESSION_EXPIRATION is always 5 minutes.

I'm trying to add Discord auth to a DRF project using this framework (react frontend, DRF backend).

There's a button on the UI that links to the following oauth link: https://discord.com/api/oauth2/authorize?client_id=713381169349263361&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fsession&response_type=code&scope=identify (most permissions cut out for brevity)

Yet when I run this, after authorizing with Discord, it redirects back to my app and gives me an error

Method GET not allowed.

When I try to do /authorize instead, it gives

Authentication credentials not provided.

I might just be misunderstanding something here, but what might I be doing wrong?

I added the DEFAULT_AUTHENTICATION_CLASSES in REST_FRAMEWORK and set REST_FRAMEWORK_SSO to 'AUTHENTICATE_PAYLOAD': 'api.authentication.authenticate_payload' as described in the README. Is there something else I'm missing?

The end goal was to allow a user to sign in with Discord, then have that create an account in Django (instead of having normal registration enabled).

I have also two projects. I am making the Project1 as SSO Primary app and this will be used for user authentication and authorization. But issue is that i couldn't find out how to set up the client project.

I have overridden the ObtainAuthorizationTokenView to add additional data as specified. However, requesting for the authorization token using the session token now throws the following error:

{
    "user": [
        "This field is required."
    ]
}

Any way to solve this?
Without the overrides, the /session and /authorize apis work well.

Thanks for your contribution.
However, I googled for examples of your releases, and I found nothing except README from Github and PyPI. Most of developers may not have too much knowledge about your idea. An explained tutorial or a runnable example like DRF would be much friendly for us to use it in our practices.

if i make this

    'AUTHENTICATE_PAYLOAD': 'otherapp.authentication.authenticate_payload',
    'VERIFY_SESSION_TOKEN': False,
    'IDENTITY': 'otherapp',
    'ACCEPTED_ISSUERS': ['myapp'],
    'KEY_STORE_ROOT': '/srv/otherapp/keys',
    'PUBLIC_KEYS': {
        'myapp': ['public.pem', ],  # only public keys in these files
    },
}````

I have  a error    "Error decoding signature."  

• I want to put a django SSO server on the cloud in its own server, like "sso.example.com".
• Then I want to use a service let's call it "service1.example.com".
• We basically have two different servers now, each with their own OS.

Question:
How can "service1.example.com" communicate with django sso server so it can authenticate the tokens and retrieve user information settings?

It would be nice if JWT could be stored in HttpOnly (and in production Secure, too) cookie. Any plans to implement it?