Authentikate is a library that provides a simple interface to validate tokens and retrieve corresponding user information inside a django application.
Note: This library is still somewhat tied to the Arkitekt Framework. We are working on making it more generic. If you have any ideas, please open an issue or a PR.
There are a few alternatives to this library, but none of them provide the same functionality. The most popular alternatives are Simple JWT and Strawberry-django Auth. Both of these libraries provide a great way to authenticate users, so you should seriously consider using them instead of this library.
Authentikate was designed to work with the Arkitekt Framework and therefore comes with a few additional features that are not available in other libraries.
Features:
- Designed to work with the more specific OAuth2 self-encoded access tokens
- Models OAuth2 clients and scopes
- Built-in support for Guardian for object-level permissions
- Built-in support for static tokens (tokens that are hard-coded into the settings, e.g. for testing)
- Built-in support for Strawberry
- Designed to work with Koherent for audit logging
If you plan to use Authentikate with the Arkitekt Framework, you should consider the Kante library. It composes Authentikate with Koherent and provides a simple interface to authenticate and log all changes that are done by a specific app and user.
Authentikate is a Django library, so you will have to add it to your `INSTALLED_APPS` in your `settings.py` file.

```python
INSTALLED_APPS = [
    ...
    'guardian',  # This is required for object level permissions
    'authentikate',
    ...
]

AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "guardian.backends.ObjectPermissionBackend",  # This is required for object level permissions
]
```
You will also need some additional configuration in your `settings.py` file.
```python
AUTH_USER_MODEL = "authentikate.User"

AUTHENTIKATE = {
    "KEY_TYPE": "RS256",
    "PUBLIC_KEY_PEM_FILE": "public_key.pem",
    "FORCE_CLIENT": False,  # allows non Oauth2 JWTs to be used
}
```
Koherent is designed to work with Strawberry, so you will need to add its extension to your schema.
```python
from django.http import HttpRequest, HttpResponse

from authentikate.utils import authenticate_header_or_none


def my_view(request: HttpRequest) -> HttpResponse:
    auth = authenticate_header_or_none(request.headers)
    if not auth:
        # No valid token in the request headers: refuse before touching any data
        return HttpResponse("unauthorized", status=401)
    user = auth.user      # This is the user that is authenticated
    app = auth.app        # This is the app that is authenticated
    scopes = auth.scopes  # These are the scopes that are authenticated
    return HttpResponse(f"{user} via {app} with scopes {scopes}")
```
Currently we require that you use the Kante GraphQL library, as it provides some boilerplate code that is required to make this work.

```python
from typing import List

import strawberry
from strawberry.types import Info

from authentikate.models import User  # assumed location of the AUTH_USER_MODEL configured above
from authentikate.strawberry.permissions import IsAuthenticated, NeedsScopes


@strawberry.type
class Query:
    @strawberry.field(permission_classes=[IsAuthenticated])
    def me(self, info: Info) -> User:
        return info.context.auth.user

    @strawberry.field(permission_classes=[NeedsScopes(["read:users"])])
    def users(self, info: Info) -> List[User]:
        return User.objects.all()
```
Static Tokens are tokens that are hard coded into the settings. They are useful for testing and development, but should not be used in production.
```python
AUTHENTIKATE = {
    "KEY_TYPE": "RS256",
    "PUBLIC_KEY_PEM_FILE": "public_key.pem",
    "FORCE_CLIENT": False,  # allows non Oauth2 JWTs to be used
    "STATIC_TOKENS": {
        "my_token": {
            "user": "my_user",
            "app": "my_app",
            "scopes": ["read:users"],
        }
    },
}
```
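As an added illustration (not Authentikate's own code), here is a minimal stand-in for the static-token path: it pulls the token out of an `Authorization: Bearer` header, resolves it against a `STATIC_TOKENS` mapping shaped like the one above, compares it in constant time, and applies a `NeedsScopes`-style check against the resolved scopes. The settings dict, the `Auth` class and the function names are constructed for this example and are not the library's API.

```python
import hmac
from dataclasses import dataclass
from typing import List, Mapping, Optional

# Constructed settings fragment mirroring the STATIC_TOKENS layout shown above
# (assumption: read from a module-level dict instead of django.conf.settings so it runs offline).
AUTHENTIKATE = {
    "STATIC_TOKENS": {
        "my_token": {"user": "my_user", "app": "my_app", "scopes": ["read:users"]},
    }
}


@dataclass(frozen=True)
class Auth:
    """Stand-in for the auth object a view receives (exposes user, app and scopes)."""
    user: str
    app: str
    scopes: List[str]


def bearer_token(headers: Mapping[str, str]) -> Optional[str]:
    """Return the token from an 'Authorization: Bearer <token>' header, else None."""
    value = headers.get("Authorization") or headers.get("authorization")
    if not value:
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def authenticate_static_or_none(headers: Mapping[str, str], settings=AUTHENTIKATE) -> Optional[Auth]:
    """Resolve a bearer token against STATIC_TOKENS.

    The comparison is constant-time so the lookup does not leak how much of a
    configured token a presented value matched. Unknown tokens yield None."""
    token = bearer_token(headers)
    if token is None:
        return None
    for configured, entry in settings.get("STATIC_TOKENS", {}).items():
        if hmac.compare_digest(configured.encode(), token.encode()):
            return Auth(entry["user"], entry["app"], list(entry["scopes"]))
    return None


def needs_scopes(auth: Optional[Auth], required: List[str]) -> bool:
    """NeedsScopes-style gate: caller is authenticated and holds every required scope."""
    return auth is not None and set(required) <= set(auth.scopes)
```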