2. Create a new Django project by running the following command:```bash


django-admin startproject oidc_app

4. Apply the default database migrations using the command.```bash


python manage.py migrate

2. Create a new app in your project directory by running the command: ```python

 manage.py startapp authentication

3. Let's make our login page! By default, Django will look for auth templates within a templates folder. To create a login page, create a directory called `templates`, and within it a directory called `registration`. 
4. Inside the `registration` directory, create a file called `login.html`. Add the following piece of code. ```html


<!-- oidc_app/templates/registration/login.html -->
<h2>Log In</h2>
<form method="post">
    {% csrf_token %}
    {{ form.as_p }}
    <button type="submit">Log In</button>
</form>

6. If you start the app and navigate to: `http://127.0.0.1:8080/accounts/login/`, You should see/test the login page. ![Login Page](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/w1dvnt4et98etnlxgjng.png)
7. For the home page, we need to make a file called `home.html` located in the `templates` folder. The home page will display a different message to `logged out` and `logged in` users.```html


<!-- oidc_app/templates/base.html -->
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>{% block title %}Django OIDC{% endblock %}</title>
</head>
<body>
    <main>
        {% if user.is_authenticated %}
        Hi {{ user.username }} - {{ user.email }}!
        <p><a href="{% url 'logout' %}">Log Out</a></p>
        {% else %}
        <p>You are not logged in</p>
        <a href="{% url 'login' %}">Log In</a>
        {% endif %}
    </main>
</body>
</html>

9. Now that we have a homepage view we should use that instead of the default setup. We update the settings file as follows: ```python


#oidc_app/settings.py
LOGIN_REDIRECT_URL = "index"
LOGOUT_REDIRECT_URL = "index"

10. Enter your desired username, email address and password. You should now have a superuser created for your Django project.

<table>
    <tr>
        <th>Logged Out</th>
        <th>Logged In</th>
    </tr>
<tr>
    <td> <img src="https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pnwr2x4ickiy82gq6c3w.png" alt="Logged Out" style="width: 250px;"/> </td>
    <td> <img src="https://dev-to-uploads.s3.amazonaws.com/uploads/articles/59n84rui5g66rh99efcq.png" alt="Logged in" style="width: 250px;"/> </td>
    </tr>
</table>

**Note:** The above steps are a very basic example of how to set up a Django application. In a real-world scenario, you would likely want to do more advanced configuration and set up additional features such as a database and static file serving. For more information on how to do this, please see the [Django documentation](https://www.djangoproject.com/).

---

## Part 3.0 : Configuring Django to use OIDC.

**Note:** _We will be using the OpenID Connect Authorization Code Flow. Refer to the [Curity documentation](https://curity.io/resources/learn/openid-code-flow/) for more details._ 

> The Authorization Code Flow is the most advanced flow in OpenID Connect. It is also the most flexible, that allows both mobile and web clients to obtain tokens securely. It is split into two parts, the authorization flow that runs in the browser where the client redirects to the OpenID Provider (OP) and the OP redirects back when done, and the token flow which is a back-channel call from the client to the token endpoint of the OP.

`mozilla-django-oidc` package has abstracted all of the code flow steps required to enable OIDC authentication.

1. Once you’ve created and configured your Django application, you can start configuring `mozilla-django-oidc`. First, install mozilla-django-oidc using pip:```bash


pip install mozilla-django-oidc

3. Next, edit your `urls.py` and add the following:```python


#oidc_app/settings.py
from mozilla_django_oidc import views as oidc_views
urlpatterns = [
    # ...
    path("authorization-code/authenticate/", oidc_views.OIDCAuthenticationRequestView.as_view(), name="oidc_authentication_init"),
    path("authorization-code/callback/", oidc_views.OIDCAuthenticationCallbackView.as_view(), name="oidc_authentication_callback"),
    # ...
]

**Note:** 
- You can get your `Okta Domain` by clicking on your profile section on the top right side of the page. ![Okta Domain](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/58m8ni505bamjxm35i7s.png)  
- The Okta `client ID` and `client secret` are fund in the application settings (`oidc-connect` app we created)

## Part 3.1 Testing the Okta integration

1. Your login page should now have a 'Login with Okta' option
![Login with Okta](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9fsp7h7rtrjaw8j1mf8a.png)
2. When you click the 'Login with Okta' button, you should be redirected to the okta domain for authentication. 
![Okta Login](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/u1qzu7eygigoeczbv3ge.png)
3. Enter your username and password or sign in with Google.
4. After successful authentication, you should be redirected to the `home` page. 
![Successful Login](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6jdz9pu4aa8bxxe228av.png)
**Note:** The Username is a base64 encoded sha224 of the email address. More information can be found [here](https://github.com/mozilla/mozilla-django-oidc/blob/63f56222e3/mozilla_django_oidc/auth.py#L24)

**That's it!** You now have a Django app that authenticated with Okta. 

The `mozilla-django-oidc` package can be further customized to better suit your application needs.

**Next Up:** 

  
    

      
    
  
  
    

      
Customizing mozilla-django-oidc
      
Hesbon ・ Dec 30 '22
      

        #python
        #django
        #okta
        #tutorial
      
    
  


Feel free to leave a comment or suggestion. Thank you!