main.oidc

Customisations for the OIDC authentication backend.

Copied from mozilla_django_oidc.auth with modifications for ICL OIDC authentication.

Classes

ICLOIDCAuthenticationBackend

Bases: OIDCAuthenticationBackend

Extension of the OIDC authentication backend for ICL auth.

Functions

create_user(claims)

Create a new user from the available claims.

Parameters:

| Name | Type | Description | Default |
|------|------|-------------|---------|
| claims | dict[str, Any] | user info provided by self.get_userinfo | required |

Source code in main/oidc.py
def create_user(self, claims: dict[str, Any]) -> User:  # type: ignore[explicit-any]
    """Create a new user from the available claims.

    Args:
      claims: user info provided by self.get_userinfo
    """
    user = super().create_user(claims)
    _update_user(user, claims)
    return user

get_userinfo(access_token, id_token, payload)

Get concise claims data later used for user creation/update.

We extend the superclass implementation of this method which provides data from the configured OIDC userinfo endpoint to include preferred_username from the id_token and the user's unix uid retrieved from the Microsoft Graph API.

Parameters:

| Name | Type | Description | Default |
|------|------|-------------|---------|
| access_token | str | for use with the Microsoft Entra graph API. | required |
| id_token | str | raw user information as a b64 encoded JWT. | required |
| payload | dict[str, Any] | decoded and verified claims from the id_token. | required |

Returns:

| Type | Description |
|------|-------------|
| dict[str, Any] | A dictionary containing user information. |

Source code in main/oidc.py
def get_userinfo(  # type: ignore[explicit-any]
    self,
    access_token: str,
    id_token: str,
    payload: dict[str, Any],
) -> dict[str, Any]:
    """Get concise claims data later used for user creation/update.

    We extend the superclass implementation of this method which provides data from
    the configured OIDC userinfo endpoint to include preferred_username from the
    id_token and the user's unix uid retrieved from the Microsoft Graph API.

    Args:
      access_token: for use with the Microsoft Entra graph API.
      id_token: raw user information as a b64 encoded JWT.
      payload: decoded and verified claims from the id_token.

    Returns:
        A dictionary containing user information.
    """
    user_info = super().get_userinfo(access_token, id_token, payload)
    username = payload["preferred_username"].removesuffix("@ic.ac.uk")
    user_info["preferred_username"] = username
    return user_info
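
The username mapping in get_userinfo above, compared with a stricter variant, as an added example that is not code from this project. The names `username_from_claims`, `ClaimError` and `compare`, the local-part pattern, the lower-casing, and the policy of rejecting accounts outside @ic.ac.uk are assumptions made for illustration.

```python
import re
from typing import Any

EXPECTED_DOMAIN = "ic.ac.uk"  # domain from the removesuffix() call on this page
# Assumption: local parts are short lowercase logins; adjust to your directory.
_LOCAL_PART = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


class ClaimError(ValueError):
    """Raised when id_token claims cannot be mapped to a local username."""


def username_from_claims(payload: dict[str, Any], domain: str = EXPECTED_DOMAIN) -> str:
    """Return the local username for a verified id_token payload, or raise."""
    upn = payload.get("preferred_username")
    if not isinstance(upn, str):
        raise ClaimError("preferred_username claim missing or not a string")
    local, sep, claim_domain = upn.strip().lower().rpartition("@")
    if not sep or claim_domain != domain:
        raise ClaimError(f"unexpected account domain in {upn!r}")
    if not _LOCAL_PART.fullmatch(local):
        raise ClaimError(f"unexpected local part in {upn!r}")
    return local


# Constructed sample payloads (not real accounts).
SAMPLES = [
    {"preferred_username": "ab123@ic.ac.uk"},
    {"preferred_username": "AB123@IC.AC.UK"},     # suffix match is case-sensitive
    {"preferred_username": "guest@example.org"},  # other domain passes through
    {"preferred_username": "ab123"},              # no domain at all
    {"sub": "no-username-claim"},                 # claim absent
]


def compare(payload: dict[str, Any]) -> tuple[str, str]:
    """Return (plain removesuffix result, strict result) for one payload."""
    try:
        plain = payload["preferred_username"].removesuffix("@" + EXPECTED_DOMAIN)
    except KeyError:
        plain = "<KeyError>"
    try:
        strict = username_from_claims(payload)
    except ClaimError:
        strict = "<rejected>"
    return plain, strict


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", compare(sample))
```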

update_user(user, claims)

Update user data from claims.

Parameters:

| Name | Type | Description | Default |
|------|------|-------------|---------|
| user | User | user to update | required |
| claims | dict[str, Any] | user info provided by self.get_userinfo | required |

Source code in main/oidc.py
def update_user(  # type: ignore[explicit-any]
    self, user: User, claims: dict[str, Any]
) -> User:
    """Update user data from claims.

    Args:
      user: user to update
      claims: user info provided by self.get_userinfo
    """
    _update_user(user, claims)
    return user