32 lines
1 KiB
Python
32 lines
1 KiB
Python
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
|
|
from django.contrib.auth.models import Group
|
|
|
|
class CustomOIDCBackend(OIDCAuthenticationBackend):
|
|
"""
|
|
Custom authentication backend for OIDC.
|
|
- Ensures users are created/updated from OIDC claims
|
|
- Maps 'groups' claim from IdP into Django Groups
|
|
"""
|
|
|
|
def create_user(self, claims):
|
|
user = super().create_user(claims)
|
|
user.email = claims.get("email", "")
|
|
user.is_sso_user = True
|
|
user.save()
|
|
self._update_groups(user, claims)
|
|
return user
|
|
|
|
def update_user(self, user, claims):
|
|
user.email = claims.get("email", user.email)
|
|
self._update_groups(user, claims)
|
|
user.save()
|
|
return user
|
|
|
|
def _update_groups(self, user, claims):
|
|
"""
|
|
Synchronize groups from IdP claims to Django Groups.
|
|
"""
|
|
groups = claims.get("groups", [])
|
|
for g in groups:
|
|
group, _ = Group.objects.get_or_create(name=g)
|
|
user.groups.add(group)
|