{"id":41195846,"url":"https://github.com/tnware/django-entra-auth","last_synced_at":"2026-01-22T20:36:16.120Z","repository":{"id":285606305,"uuid":"958737269","full_name":"tnware/django-entra-auth","owner":"tnware","description":"Entra ID Authentication for Django","archived":false,"fork":false,"pushed_at":"2025-12-05T00:56:11.000Z","size":4004,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-08T08:30:12.821Z","etag":null,"topics":["authentication","django","entra-id"],"latest_commit_sha":null,"homepage":"https://tnware.github.io/django-entra-auth/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tnware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-01T17:19:58.000Z","updated_at":"2025-12-05T00:43:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"f2a688f7-81b3-4eae-8e6a-6d3e67325305","html_url":"https://github.com/tnware/django-entra-auth","commit_stats":null,"previous_names":["tnware/django-entra-auth"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/tnware/django-entra-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tnware%2Fdjango-entra-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tnware%2Fdjango-entra-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tnware%2Fdjango-entra-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tnware%2Fdjango-entra-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tnware","download_url":"https://codeload.github.com/tnware/django-entra-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tnware%2Fdjango-entra-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28670385,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T19:36:09.361Z","status":"ssl_error","status_checked_at":"2026-01-22T19:36:05.567Z","response_time":144,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","django","entra-id"],"created_at":"2026-01-22T20:36:15.391Z","updated_at":"2026-01-22T20:36:16.101Z","avatar_url":"https://github.com/tnware.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Entra ID Authentication for Django\n\n\u003e **Attribution**: This project is a fork of [django-auth-adfs](https://github.com/snok/django-auth-adfs) created by Joris Beckers and maintained by [Snok](https://github.com/snok).\n\n[![docs](https://github.com/tnware/django-entra-auth/actions/workflows/docs_deploy.yml/badge.svg)](https://github.com/tnware/django-entra-auth/actions/workflows/docs_deploy.yml)\n[![PyPI version](https://img.shields.io/pypi/v/django-entra-auth.svg)](https://pypi.python.org/pypi/django-entra-auth)\n[![Python versions](https://img.shields.io/pypi/pyversions/django-entra-auth.svg)](https://pypi.python.org/pypi/django-entra-auth#downloads)\n[![Django versions](https://img.shields.io/pypi/djversions/django-entra-auth.svg)](https://pypi.python.org/pypi/django-entra-auth)\n[![License](https://img.shields.io/pypi/l/django-entra-auth.svg)](https://github.com/tnware/django-entra-auth/blob/main/LICENSE)\n[![Tests](https://github.com/tnware/django-entra-auth/actions/workflows/testing.yml/badge.svg)](https://github.com/tnware/django-entra-auth/actions/workflows/testing.yml)\n\nA Django authentication backend for Microsoft Entra ID (formerly Azure AD). This project extends the foundation established by `django-auth-adfs` with specialized focus on Entra ID and Graph API integration.\n\n*   Free software: BSD License\n*   Homepage: https://github.com/tnware/django-entra-auth\n*   Documentation: https://tnware.github.io/django-entra-auth\n\n## Features\n\n*   Integrates Django with Microsoft Entra ID (formerly Azure AD)\n*   Provides seamless single sign on (SSO) for your Django project\n*   Auto creates users and adds them to Django groups based on info received from Entra ID\n*   **Token Lifecycle Management** (new): Automatically handles storing, refreshing, and encrypting access/refresh tokens\n*   **On-Behalf-Of Token Support** (new): Simplifies access to Microsoft Graph API and other delegated access scenarios\n*   Django Rest Framework (DRF) integration: Authenticate against your API with an Entra ID access token\n\nWhile building on the original django-auth-adfs, we've focused specifically on the Entra ID authentication scenario with enhancements for token management, storing them so that your application can securely and seamlessly delegate access to Graph API on behalf of your users.\n\n## Installation\n\nPython package:\n\n```bash\npip install django-entra-auth\n```\n\nIn your project's `settings.py` add these settings.\n\n```python\nAUTHENTICATION_BACKENDS = (\n    ...\n    'django_entra_auth.backend.AdfsAuthCodeBackend',\n    ...\n)\n\nINSTALLED_APPS = (\n    ...\n    # Needed for the auth redirect URI and static files to function\n    'django_entra_auth',\n    ...\n)\n\n# Basic configuration for Entra ID\n# checkout the documentation for more settings\nENTRA_AUTH = {\n    # For Entra ID, use 'login.microsoftonline.com/\u003cyour-tenant-id\u003e'\n    \"SERVER\": \"login.microsoftonline.com/\u003cyour-tenant-id\u003e\",\n    \"CLIENT_ID\": \"your-application-client-id\",\n    \"RELYING_PARTY_ID\": \"your-application-client-id\", # Often same as CLIENT_ID for Entra ID\n    # OIDC Audience (\"aud\" claim). For Entra ID, LIENT_ID\n    \"AUDIENCE\": \"your-application-client-id\",\n    # Set to False for Entra ID. Provide path for ADFS.\n    \"CA_BUNDLE\": False,\n    \"CLAIM_MAPPING\": {\"first_name\": \"given_name\",\n                      \"last_name\": \"family_name\",\n                      \"email\": \"email\"}, # Adjust based on claims from your provider\n    # See documentation for TokenLifecycleMiddleware settings like:\n    # \"TOKEN_REFRESH_THRESHOLD\", \"STORE_OBO_TOKEN\", \"TOKEN_ENCRYPTION_SALT\",\n    # \"LOGOUT_ON_TOKEN_REFRESH_FAILURE\"\n}\n\n# Configure django to redirect users to the right URL for login\nLOGIN_URL = \"django_entra_auth:login\"\nLOGIN_REDIRECT_URL = \"/\" # Or wherever users should land after login\n\n########################\n# OPTIONAL SETTINGS\n########################\n\nMIDDLEWARE = (\n    ...\n    # Optional: Automatically manage access/refresh/OBO tokens in the session\n    # Must be AFTER SessionMiddleware and AuthenticationMiddleware\n    'django_entra_auth.middleware.TokenLifecycleMiddleware',\n    # With this you can force a user to login without using\n    # the LoginRequiredMixin on every view class\n    #\n    # You can specify URLs for which login is not enforced by\n    # specifying them in the LOGIN_EXEMPT_URLS setting.\n    'django_entra_auth.middleware.LoginRequiredMiddleware',\n)\n\n# Specify URLs exempt from LoginRequiredMiddleware (if used)\n# LOGIN_EXEMPT_URLS = (\n#     r'^/about/.*$',\n#     r'^/legal/.*$',\n# )\n```\n\nIn your project's `urls.py` add these paths:\n\n```python\nfrom django.urls import path, include\n\nurlpatterns = [\n    ...\n    path('oauth2/', include('django_entra_auth.urls')),\n]\n```\n\nThis will add these paths to Django:\n\n*   `/oauth2/login` where users are redirected to, to initiate the login with the identity provider.\n*   `/oauth2/login_no_sso` where users are redirected to, but forcing a login screen.\n*   `/oauth2/callback` where the identity provider redirects back to after login. Ensure your redirect URI in Entra ID/ADFS is set to this.\n*   `/oauth2/logout` which logs out the user from both Django and the identity provider (if supported by provider).\n\nBelow is sample Django template code to use these paths depending if\nyou'd like to use GET or POST requests. Logging out via GET was deprecated in\n[Django 4.1](https://docs.djangoproject.com/en/5.1/releases/4.1/#features-deprecated-in-4-1).\n\n*   Using GET requests (Login only):\n\n    ```html\n    {# Logout requires POST #}\n    \u003ca href=\"{% url 'django_entra_auth:login' %}\"\u003eLogin\u003c/a\u003e\n    \u003ca href=\"{% url 'django_entra_auth:login-no-sso' %}\"\u003eLogin (no SSO)\u003c/a\u003e\n    ```\n\n*   Using POST requests:\n\n    ```html+django\n    \u003cform method=\"post\" action=\"{% url 'django_entra_auth:logout' %}\"\u003e\n        {% csrf_token %}\n        \u003cbutton type=\"submit\"\u003eLogout\u003c/button\u003e\n    \u003c/form\u003e\n    \u003cform method=\"post\" action=\"{% url 'django_entra_auth:login' %}\"\u003e\n        {% csrf_token %}\n        \u003cinput type=\"hidden\" name=\"next\" value=\"{{ next }}\"\u003e\n        \u003cbutton type=\"submit\"\u003eLogin\u003c/button\u003e\n    \u003c/form\u003e\n    \u003cform method=\"post\" action=\"{% url 'django_entra_auth:login-no-sso' %}\"\u003e\n        {% csrf_token %}\n        \u003cinput type=\"hidden\" name=\"next\" value=\"{{ next }}\"\u003e\n        \u003cbutton type=\"submit\"\u003eLogin (no SSO)\u003c/button\u003e\n    \u003c/form\u003e\n    ```\n\n## Contributing\n\nContributions to the code are more then welcome.\nFor more details have a look at the `CONTRIBUTING.rst` file.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftnware%2Fdjango-entra-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftnware%2Fdjango-entra-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftnware%2Fdjango-entra-auth/lists"}