Mozilla Django
mozilla_django_oidc.views.OIDCAuthenticationCallbackView: Allows you to substitute a custom class-based view to be used as OpenID Connect callback URL. When using a custom callback view, it is generally a good idea to subclass the default OIDCAuthenticationCallbackView and override the methods you want to change.
Mozilla has announced that Persona will be shutting down November 2016. Django-browserid relies on the Persona service and will stop functioning properly once Persona is shut down. While it is possible to self-host Persona and configure django-browserid to rely on your own instance, this is.
I am trying to connect Okta with a custom Django (v.3.0.2) app I am coding, using the mozilla-django-oidc library. So far the initial user authentication and account creation (using Django's user model) works, but I don't understand what I need to do to have the Django AdminSite work. The AdminSite, before introducing mozilla-django-oidc, worked as expected.
Django provides an authentication and authorization ('permission') system, built on top of the session framework discussed in the previous tutorial, that allows you to verify user credentials and define what actions each user is allowed to perform.
If you want DRF to authenticate users based on an OAuth access token provided in the Authorization header, you can use the DRF-specific authentication class which ships with the package.
Add this to your settings:
Note that this only takes care of authenticating against an access token, and provides no options to create or renew tokens.
If you've created a custom Django OIDCAuthenticationBackend and added that to your AUTHENTICATION_BACKENDS, the DRF class should be smart enough to figure that out. Alternatively, you can manually set the OIDC backend to use:
If you do configure the middleware that intercepts requests and potentially forces a refresh of your session, this gets tricky with XHR requests. Usually XHR requests (with libraries like fetch or jQuery.ajax) follow redirects by default (which is most likely a good thing). The problem is that an XHR request can't redirect back to the OP when it's time to refresh your session. So for XHR requests, you need some special handling.
The problem with the above code is that it's wrong to assume the XHR response is going to be application/json if the server's middleware insisted you need to refresh your session. Instead watch out for a 403 Forbidden response when, in conjunction, there is a header called refresh_url. Like this:
Note
The refresh middleware only applies to GET requests.
You don't have to use document.location.href to redirect immediately inside the client-side application. Perhaps you can do other things, like updating the DOM to say that the user has to refresh their authentication and provide a regular link.
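The 403-plus-refresh_url check and the "redirect or show a link" choice described above, as an added example (not code from the mozilla-django-oidc documentation). The names classifyResponse, apiGet and allowedOrigins are hypothetical, and the origin allow-list is an extra check assumed here, not something the middleware requires.

```javascript
// Added example. classifyResponse, apiGet and allowedOrigins are hypothetical names.
// Decide what a same-origin API response means before touching its body.
function classifyResponse(response, allowedOrigins) {
  const refreshUrl = response.headers.get('refresh_url');
  // A session refresh is signalled by BOTH a 403 status and the refresh_url header.
  if (response.status === 403 && refreshUrl) {
    let target;
    try {
      target = new URL(refreshUrl);
    } catch (e) {
      return { kind: 'error', reason: 'refresh_url is not an absolute URL' };
    }
    // Assumption: the client knows its OP's origin and only navigates there.
    if (!allowedOrigins.includes(target.origin)) {
      return { kind: 'error', reason: 'refresh_url points to an unexpected origin' };
    }
    return { kind: 'reauth', url: target.href };
  }
  // Any other failure, including a 403 without the header, is an ordinary error.
  if (!response.ok) {
    return { kind: 'error', reason: 'HTTP ' + response.status };
  }
  return { kind: 'ok' };
}

// Fetch wrapper: the body is parsed as JSON only when the response is a success.
async function apiGet(url, allowedOrigins, fetchImpl = fetch) {
  const response = await fetchImpl(url, { credentials: 'same-origin' });
  const outcome = classifyResponse(response, allowedOrigins);
  if (outcome.kind === 'ok') {
    outcome.data = await response.json();
  }
  return outcome;
}

// Caller sketch (browser): redirect at once, or render a link instead.
//   const r = await apiGet('/api/stuff', ['https://op.example']);
//   if (r.kind === 'reauth') {
//     document.location.href = r.url;   // or update the DOM with a link to r.url
//   }
```

Returning the outcome instead of redirecting inside the wrapper leaves the caller free to choose between an immediate redirect and a visible "refresh your authentication" link.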