OpenID Connect Clients for Python

What OpenID Connect clients are available for Python?

If we look at the certified implementations for Python:

However, I also found this one:

The Mozilla one has nicer docs and a nicer readme, so I’m going to start with that. They also have some info on OpenID Connect and seem to know what they are doing. Also, I’m using Django, so it will plug right in.

Note: django-oidc-provider is not a client – it is a provider. If you are already using an identity provider like Keycloak or WSO2, you don’t need this.

Take a full look at all available Django OIDC clients on Django Packages.

Provider Side Configuration

On the provider side you need to create a client and set the relevant settings.

Ensure the access type is confidential so that you can set the required settings on the Django side: OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET

The next thing you need is the settings for Keycloak's endpoints. Luckily, you can easily get them from a URL:

http://<MY-KEYCLOAK0IP>/auth/realms/<my-realm-here>/.well-known/openid-configuration

So you can now set these values:


OIDC_OP_AUTHORIZATION_ENDPOINT = ""
OIDC_OP_TOKEN_ENDPOINT = ""
OIDC_OP_USER_ENDPOINT = ""

The default algorithm is HS256 on the Mozilla side.

self.OIDC_RP_SIGN_ALGO = self.get_settings('OIDC_RP_SIGN_ALGO', 'HS256')

If you don’t change that you will get a Suspicious error.

Oh, also: you don’t need to put OIDC_RP_IDP_SIGN_KEY in your settings; the library will figure that out for you.
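As an added example (not code from this post or from mozilla-django-oidc), the helper below turns an already-downloaded discovery document into the settings discussed above, checking the issuer and endpoint origins before trusting it. The function name, the host keycloak.example.test and the realm demo are hypothetical; it assumes the Keycloak client signs ID tokens with RS256 and uses OIDC_OP_JWKS_ENDPOINT, the setting the library fetches the signing key from.

```python
from urllib.parse import urlsplit

# Constructed sample: trimmed Keycloak discovery document for a placeholder host and realm.
_BASE = "https://keycloak.example.test/auth/realms/demo"
SAMPLE_DISCOVERY = {
    "issuer": _BASE,
    "authorization_endpoint": _BASE + "/protocol/openid-connect/auth",
    "token_endpoint": _BASE + "/protocol/openid-connect/token",
    "userinfo_endpoint": _BASE + "/protocol/openid-connect/userinfo",
    "jwks_uri": _BASE + "/protocol/openid-connect/certs",
    "id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
}

# Discovery key -> mozilla-django-oidc setting name.
ENDPOINT_SETTINGS = {
    "authorization_endpoint": "OIDC_OP_AUTHORIZATION_ENDPOINT",
    "token_endpoint": "OIDC_OP_TOKEN_ENDPOINT",
    "userinfo_endpoint": "OIDC_OP_USER_ENDPOINT",
    "jwks_uri": "OIDC_OP_JWKS_ENDPOINT",
}


def settings_from_discovery(doc, expected_issuer, sign_algo="RS256"):
    """Validate a parsed discovery document and return Django settings (hypothetical helper)."""
    # OIDC Discovery: the issuer in the document must equal the one you asked for.
    if doc.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch: %r" % doc.get("issuer"))
    if sign_algo not in doc.get("id_token_signing_alg_values_supported", []):
        raise ValueError("provider does not advertise %s" % sign_algo)
    issuer = urlsplit(expected_issuer)
    settings = {"OIDC_RP_SIGN_ALGO": sign_algo}
    for key, setting in ENDPOINT_SETTINGS.items():
        url = urlsplit(doc.get(key, ""))
        # Assumption for Keycloak: every endpoint lives on the issuer's own scheme and host.
        if (url.scheme, url.netloc) != (issuer.scheme, issuer.netloc):
            raise ValueError("%s is missing or not on the issuer origin" % key)
        settings[setting] = doc[key]
    return settings


if __name__ == "__main__":
    # Print lines that can be pasted into settings.py.
    for name, value in settings_from_discovery(SAMPLE_DISCOVERY, _BASE).items():
        print(f'{name} = "{value}"')
```

To use it against a real realm, download the openid-configuration URL shown earlier, parse the JSON, and pass the realm URL you requested as expected_issuer.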
