Authentikate

What is Authentikate?

Authentikate is a library that provides a simple interface to validate tokens and retrieve corresponding user information inside a django application.

Note: This library is still somewhat tied to the Arkitekt Framework. We are working on making it more generic. If you have any ideas, please open an issue or a PR.

Alternatives

There are a few alternatives to this library, but none of them provide the same functionality. The most popular alternative is Simple JWT or Strawberry-django Auth . Both of these libraries provide a great way to authenticate users. So you should seriously consider using them instead of this library.

Why Authentikate?

Authentikate was designed to work with the Arkitekt Framework and therefore comes with a few additional features that are not available in other libraries.

Features:

Designed to work with the more specific Oauth2 Self-Encoded Access Tokens
Models Oauth2 Clients and Scopes
Build in support for Guardian for object level permissions
Build in support for Static Tokens (Token that are hard coded into the settings, e.g. for testing)
Build in support for Strawberry
Designed to work with Koherent for audit logging

Composed Usage

If you plan to use Authentikate with the Arkitekt Framework, you should consider the Kante library. It composes Authentikate with Koherent and provides a simple interface to authenticate and log all changes that are done by a specific app and user.

How do I use it?

Authentikate is a Django Libary, so you will have to add it to your INSTALLED_APPS in your settings.py file.

INSTALLED_APPS = [
    ...
    'guardian', # This is required for object level permissions
    'authentikate',
    ...
]

AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "guardian.backends.ObjectPermissionBackend", # This is required for object level permissions
]

You will also need some additional configuration in your `settings.py` file.

```python
AUTH_USER_MODEL = "authentikate.User"


AUTHENTIKATE = {
    "KEY_TYPE": "RS256",
    "PUBLIC_KEY_PEM_FILE": "public_key.pem",
    "FORCE_CLIENT": False, # allows non Oauth2 JWTs to be used

}

Standard Usage

Koherent is designed to work with Strawberry, so you will need to add its extension to your schema.

from authentikate.utils import authenticate_header_or_none


def my_view(request: HttpRequest) -> None:
    auth = authenticate_header_or_none(request.headers)

    if auth:
        auth.user # This is the user that is authenticated
        auth.app # This is the app that is authenticated
        auth.scopes # These are the scopes that are authenticated

GraphQL Setup

Currently we require that you use the Kante GraphQL library, as it provides some boilerplate code that is required to make this work.

from authentikate.strawberry.permissions import IsAuthenticated, NeedsScopes

@strawberry.type
class Query

    @strawberry.field(permission_classes=[IsAuthenticated])
    def me(self, info: Info) -> User:
        return info.context.auth.user

    @strawberry.field(permission_classes=[NeedsScopes(["read:users"])])
    def users(self, info: Info) -> List[User]:
        return User.objects.all()

Static Tokens

Static Tokens are tokens that are hard coded into the settings. They are useful for testing and development, but should not be used in production.

AUTHENTIKATE = {
    "KEY_TYPE": "RS256",
    "PUBLIC_KEY_PEM_FILE": "public_key.pem",
    "FORCE_CLIENT": False, # allows non Oauth2 JWTs to be used
    "STATIC_TOKENS": {
        "my_token": {
            "user": "my_user",
            "app": "my_app",
            "scopes": ["read:users"]
        }
    }
}

jhnnsrs / authentikate