Implementation of single sign-on using Auth0 in a Django application

As the number of applications increases, users need to create and remember a username and password for each application. Users can't remember all of these details, and sometimes they use a single username/password for all applications, which makes their accounts easier to compromise.

To provide more flexibility for users, we should provide SSO login, which gives a seamless authentication experience when they log in to the applications you have built and/or third-party apps. It spares users the hassle of maintaining and remembering another set of credentials.

In this blog post, we'll see how to add single sign-on & single sign-out for a Django application using Auth0.

Steps to follow for an Auth0 account:

  • Create your account in Auth0
  • Go to Applications & click on Create Application, providing an app name (for ex: demoapp) & application type (web or mobile app etc.)
  • Go to the Settings tab of your application (demoapp), where you can see the client ID, client secret and domain values.
  • Add your application domains as a comma-separated list in the Allowed Web Origins & Allowed Origins (CORS) fields
    • For ex:  http://demoapp.io, http://demoauth.io
  • By default, the application will use the Username-Password authentication database. We can also use a custom database based on our app needs.

Steps to follow to add Auth0 for single sign-on & single sign-out:

  • Add these scripts in the login html of your application
    <script src="https://cdn.auth0.com/js/auth0/9.3.1/auth0.min.js"></script>
    <script type='text/javascript' src='https://cdn.auth0.com/js/lock/11.1/lock.min.js?ver=4.8.2'></script>
    
  • We're using auth0.WebAuth, part of the auth0.js JavaScript library, to add SSO to the application.
        Here is the syntax for defining the Auth0 WebAuth object:

        <script type="text/javascript">
          var webAuth = new auth0.WebAuth({
            domain:       'YOUR_APP_AUTH0_DOMAIN',
            clientID:     'YOUR_APP_CLIENT_ID'
          });
        </script>
    	
  • We should use the webAuth.checkSession method for handling automatic login requests. checkSession checks for an existing session of the user. If a session is found, the user can successfully log in to the application; otherwise we should send a request to a custom URL which will handle the user login process.
        Here is the syntax for Auth0 WebAuth checkSession:

        webAuth.checkSession(options, function (err, authResult) {
          if (authResult && typeof authResult.code !== 'undefined') {
            // An authorization code was returned: redirect to the Django login URL.
            window.location = '{{ django_custom_url }}';
          } else if (authResult && typeof authResult.idToken !== 'undefined') {
            // Tokens were returned: pass them to the Django view, which must validate
            // them before logging the user in. $.get sends them in the query string.
            $.get('{{ django_custom_url }}', {'access_token': authResult.accessToken, 'idToken': authResult.idToken}, function (data) {
              if (data.error) {
                // Login failed on the Django side; stay on the login page.
              } else {
                window.location = '/dashboard/';
              }
            }, 'json');
          }
        });
    	
  • We need to customize the user login code in Django to send the user access token.
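
The Django view behind the custom URL has to validate the ID token that checkSession hands it before logging anyone in. The following is an added example, not code from the original post: it assumes the Auth0 application signs ID tokens with HS256 using the client secret (an RS256 setup needs the tenant's public keys and a JWT library instead), and the domain, client ID, secret and function names are placeholders.

```python
import base64, hashlib, hmac, json, time

# Placeholder settings (assumptions); use the values from the Auth0 settings tab.
AUTH0_DOMAIN = "demoapp.example.auth0.com"
CLIENT_ID = "constructed-client-id"
CLIENT_SECRET = b"constructed-client-secret"

class InvalidToken(Exception): """Raised when an ID token fails a check."""

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def hs256(signing_input):
    return hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()

def verify_id_token(token, now=None):
    """Return the claims of an HS256-signed ID token or raise InvalidToken."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, AttributeError) as exc:
        raise InvalidToken("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise InvalidToken("malformed token")
    # Pin the algorithm on the server; the token must not choose it (blocks "none").
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected algorithm")
    if not hmac.compare_digest(signature, hs256(f"{header_b64}.{payload_b64}")):
        raise InvalidToken("bad signature")
    if claims.get("iss") != f"https://{AUTH0_DOMAIN}/":
        raise InvalidToken("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise InvalidToken("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise InvalidToken("expired")
    return claims

def make_sample_token(claims, alg="HS256"):  # constructed demo tokens only
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = b64url_encode(hs256(f"{head}.{body}")) if alg == "HS256" else ""
    return f"{head}.{body}.{sig}"
```

In the Django view, call verify_id_token on the submitted idToken and log the user in only when it returns claims; treat InvalidToken as a failed login.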

Steps to follow to add single sign-out:

  • Go to the Advanced panel at https://manage.auth0.com/#/tenant
  • Add your application logout URL in the Allowed Logout URLs section
    • For ex: https://demoauth.io/logout/
  • Now you can call the following URL for single sign-out from all the applications
    https://{{ YOUR_APP_AUTH0_DOMAIN }}/v2/logout?returnTo={{ YOUR_APPLICATION_LOGOUT_URL }}
    

Posted On 30 January 2019 By MicroPyramid

