Categories
django

How to fix Django OperationalError /admin/auth/user/add/ SAVEPOINT …_x1 does not exist

This is a weird one, an error I had never got until I used an external MySQL (Maria) DB Instance with Django. The steps to recreate this error would be: As an Admin try and add another user from the admin section You will get an error like this: OperationalError /admin/auth/user/add/ error(1305, 'SAVEPOINT s139787825936192_x1 does […]

Categories
django django OAuth python Security

Using django-oauth-toolkit for Client credentials Oauth Flow

I’ve been wanting to secure my api – so unidentified and unathorized parties cannot view, update, create or delete data. This api is internal to the company and will only be used by other services – in other words no end users. Hence the delegation of authorization need not happen and the services will be […]

Categories
Uncategorized

Minio uses the OAuth 2.0 Implicit flow to Auth with OpenIDC

Minio’s web application is a single page application. As far as I can tell it is frontend only and works like a single page application. That is why when setting up the the client for minio on keycloak. We set implicit flow to True. In that case there is no authorization code – and no […]

Categories
django Keycloak

Using Keycloak as the identity provider for users on django and django-admin

I have used mozilla’s Django OpenID Connect client before, but this time I found something called Django-AllAuth. Django-Allauth seems packed full of features and is well maintained. So I am going to test whether I can use it with Keycloak as the identity provider for users on django and django admin. Initial Setup With your […]

Categories
Kubernetes

Seperate your K8s cluster, Identity Provider and Private Registry.

My proposal is that your k8s cluster or management should be completely seperate from your private registry. Then your private reigstry should be completely seperate from your identity provider. The main reason is we want to decrease the chance of circular dependencies – that can never be fixed. Should all be in different places private […]