使用 django-auth-adfs 在 Django Rest 框架中进行身份验证

问题描述 投票:0回答:2

我正在使用 

django-auth-afs
python 库来验证和保护我的 DRF API。 我已在 Azure 中注册了我的应用程序,并有 
client_id
client_secret
tenant_id
。有人可以帮助告诉我如何配置 django Rest 框架吗?

我已经尝试过以下文档

https://django-auth-adfs.readthedocs.io/en/latest/rest_framework.html https://django-auth-adfs.readthedocs.io/en/latest/azure_ad_config_guide.html#step-1-register-a-backend-application

我当前的配置在 

settings.py


AUTHENTICATION_BACKENDS = (
    'django_auth_adfs.backend.AdfsAuthCodeBackend',
    'django_auth_adfs.backend.AdfsAccessTokenBackend',
)

AUTH_ADFS = {
    'AUDIENCE': client_id,
    'CLIENT_ID': client_id,
    'CLIENT_SECRET': client_secret,
    'CLAIM_MAPPING': {'first_name': 'given_name',
                      'last_name': 'family_name',
                      'email': 'upn'},
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'upn',
    'TENANT_ID': tenant_id,
    'RELYING_PARTY_ID': client_id,
}

REST_FRAMEWORK = {  # type: ignore
    # disable this until Azure SSO integration done
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticatedOrReadOnly',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'django_auth_adfs.rest_framework.AdfsAccessTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),

当尝试访问我的 API 时,我会收到响应,但它应该抛出 

Unauthorised
消息,当我尝试访问 
/admin
页面时,我收到以下错误

022-06-09 08:36:33,718 - INFO - django_auth_adfs - django_auth_adfs loaded settings from ADFS server.
2022-06-09 08:36:33,718 - INFO - django_auth_adfs - django_auth_adfs loaded settings from ADFS server.
2022-06-09 08:36:33,718 - INFO - django_auth_adfs - operating mode:         openid_connect
2022-06-09 08:36:33,718 - INFO - django_auth_adfs - operating mode:         openid_connect
......
2022-06-09 08:36:33,719 - DEBUG - django_auth_adfs - django_auth_adfs authentication backend was called but no authorization code was received
2022-06-09 08:36:33,719 - DEBUG - django_auth_adfs - django_auth_adfs authentication backend was called but no authorization code was received
python django authentication django-rest-framework adfs
2个回答
0
投票

我知道我可能会迟到,但为了供将来参考,该指南不完整。您必须进入天蓝色的应用程序,并在身份验证部分检查“访问令牌”

0
投票

问题出在 

AUDIENCE
中的 
AUTH_ADFS
配置中的 
settings.py
。 它应该看起来像这样:

AUTH_ADFS = {
    'AUDIENCE': [f'api://{client_id}', client_id],
    'CLIENT_ID': client_id,
    'CLIENT_SECRET': client_secret,
    'CLAIM_MAPPING': {'first_name': 'given_name',
                      'last_name': 'family_name',
                      'email': 'upn'
                      },
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'email',
    'TENANT_ID': tenant_id,
    'RELYING_PARTY_ID': client_id,
    'LOGIN_EXEMPT_URLS': [
        '^api',  # Assuming you API is available at /api
    ],
}

意味着您错过了 

api://client_id
作为您的观众之一。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.