Django, mozilla-django-oidc and admin

问题

i am trying to connect Okta with a custom Django (v.3.0.2) app i am coding, using the mozilla-django-oidc library. So far the initial user authentication and account creation (using Django's user model) works, but i don't understand what i need to do to have the Django AdminSite work.

The Adminsite, before introducing mozilla-django-oidc worked as expected. I created an admin user, named "admin" and the user was able to login.

To integrate the mozilla-django-oidc library i followed the instructions here: https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html. The instructions do not have any specific mention of the AdminSite.

When i access the AdminSite after the library integration, i have the following:

1. The AdminSite uses the default template - my assumption was that it would also use Okta to authenticate.
2. The admin account "admin" that used to be able to login into the AdminSite does not work anymore

My goal is to be able to access the AdminSite. I don't mind if it will be over Okta or over the vanilla interface as long as i can access it.

Below are the relevant segments from the files (in order to integrate):

---

urls.py

urlpatterns = [
    path('', static_site.site_index, name='site_index'),
    path('admin/', admin.site.urls),
    path('review/', include('review.urls')),
    path('oidc/', include('mozilla_django_oidc.urls')),
]

---

settings.py

# OICD
AUTHENTICATION_BACKENDS = (
    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
)

OIDC_RP_CLIENT_ID = 'xxxxx'
OIDC_RP_CLIENT_SECRET = 'xxxx'
OIDC_RP_SIGN_ALGO = 'RS256'
OIDC_OP_JWKS_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/keys'
OIDC_RP_SCOPES = 'openid email profile'

OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/authorize'
OIDC_OP_TOKEN_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/token'
OIDC_OP_USER_ENDPOINT = 'https://dev-xxx.okta.com/oauth2/default/v1/userinfo'

# Provided by mozilla-django-oidc
LOGIN_URL = reverse_lazy('oidc_authentication_callback')

# App urls
LOGIN_REDIRECT_URL = reverse_lazy('review:dashboard')
LOGOUT_REDIRECT_URL = reverse_lazy('site_index')

Any ideas or pointers welcomed!

回答1:

The goal was achieved by adding the default auth backend to the settings:

settings.py

AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
]

I don't get Okta auth for the admin, but since i am happy just to have the admin running, i will stop here.

来源：https://stackoverflow.com/questions/59881651/django-mozilla-django-oidc-and-admin