Security is a concern for many companies these days, particularly as the number of applications used in the workplace continues to go up. Question is, what is the best way to ensure security?
A recent client asked to integrate Okta into their Django applications. As one of the top login security applications out there right now, it seemed a good choice for the client; however, integrating it into the Django applications was another story entirely.
While not terribly difficult, there were several holes in the documentation. Knowing these simple tips can save you time when integrating Okta.
Before we get into that, let’s back up and talk a bit more about Okta.
Okta is a login security platform that can cater to a wide range of business cases and applications. The idea is that with a single set of credentials, you can log into all of your company’s applications with secure multi-factor authentication.
Building in the same kind of security capabilities can be a hassle, so many companies use platforms like Okta to provide the infrastructure and functionality that they are looking for right out of the box. With Okta, company administrators can:
We used the Django Okta Auth library and modified it to match the client’s business case.
pip install django-okta-auth
Between the library, Okta documentation, and a number of online blogs, there was plenty of material to get started. But there were definitely some knowledge gaps that would’ve saved us time with integration.
When you are configuring your app integration in the Okta admin UI, the login and sign-out redirect URLs need to be EXACT. There can be no trailing slashes, as Okta is actually hardcoded to insert those on its own.
When implementing on a local server, make sure that the HTTPS check is turned off. Here are the complete settings:
OKTA_AUTH = {
"ORG_URL": "PLACE URL HERE",
"ISSUER": "PLACE URL HERE",
"CLIENT_ID": "ID CODE HERE",
"CLIENT_SECRET": "SECRET CODE HERE",
"SCOPES": "openid profile email offline_access", # this is the default and can be omitted
"REDIRECT_URI": "http://localhost:8080/accounts/oauth2/callback",
"LOGIN_REDIRECT_URL": "http://localhost:8080/demo/", # default
"CACHE_PREFIX": "okta", # default
"CACHE_ALIAS": "default", # default
"PUBLIC_NAMED_URLS": (), # default
"PUBLIC_URLS": (), # default
"USE_USERNAME": False, # default
"DISABLE_HTTPS_CHECK": True, }
Let’s look a little closer at what each of these means:
That last one is key. Once everything is ready for production, turn the check off and you’re up and running. Read more Django best practices and Django case studies from Six Feet Up.