Installation

  • Install with pip:

    pip install django-centralauth
    

Provider side

You need to update some of your Django settings.

  • Your INSTALLED_APPS setting:

    INSTALLED_APPS = (
        # ...
        'oauth2_provider',
        'centralauth.provider',
    )
    
  • Your MIDDLEWARE setting:

    MIDDLEWARE = [
        'oauth2_provider.middleware.OAuth2TokenMiddleware',
        # ...
    ]
    
  • Your AUTHENTICATION_BACKENDS setting:

    AUTHENTICATION_BACKENDS = (
        'oauth2_provider.backends.OAuth2Backend',
        # ...
    )
    
  • Add the following settings in addition:

    OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'oauth2_provider.AccessToken'
    OAUTH2_PROVIDER_APPLICATION_MODEL = 'provider.Application'
    
  • Configure the OAuth2 provider backend class:

    OAUTH2_PROVIDER = {
        'OAUTH2_BACKEND_CLASS': 'centralauth.provider.oauth2_backends.CentralauthOAuthBackend',
    }
    

If you want to re-validate the access more often, you might redurce the lifetime of the generated access tokens:

OAUTH2_PROVIDER = {
    # ...
    'ACCESS_TOKEN_EXPIRE_SECONDS': 5 * 60,
}

After you updated your settings, add the centralauth.provider urls to your url configuration:

urlpatterns = [
    # ...
    path('provider/', include('centralauth.provider.urls'))
]

Note

Make sure that you configure a sane LOGIN_URL. django-oauth-toolkit will redirect users to this url to ensure the requesting user is logged in.

Client side

You need to update some of your Django settings.

  • Your INSTALLED_APPS setting:

    INSTALLED_APPS = (
        # ...
        'centralauth.client',
    )
    
  • Your AUTHENTICATION_BACKENDS setting:

    # Disable regular logins using local users and enforce centralauth logins.
    AUTHENTICATION_BACKENDS = (
        'centralauth.client.backends.OAuthBackend'
    )
    
  • Add the following settings in addition:

    # The full uri to the provider side urls.
    CENTRALAUTH_PROVIDER_URL = 'http://localhost:8000/provider'
    
    # The application credentials generated on the provider side using the Django admin.
    CENTRALAUTH_CLIENT_ID = 'ADD-YOUR-CLIENT-ID'
    CENTRALAUTH_CLIENT_SECRET = 'ADD-YOUR-CLIENT-SECRET'
    

After you updated your settings, add the centralauth.client urls to your url configuration:

urlpatterns = [
    # ...
    path('centralauth/', include('centralauth.client.urls'))
]

Note

Centralauth provides an option to hijack the admin login interface to make sure that the users go through the Centralauth oauth login flow.

You might set CENTRALAUTH_CUSTOM_LOGIN_TEMPLATE to True or provide a Django template path to your custom template.