Skip to content

open-formulieren/open-forms-ext-token-exchange

Repository files navigation

Open Forms extension token exchange

Version: 0.4.0
Source:https://github.com/open-formulieren/open-forms-ext-token-exchange
Keywords:Open Forms Extension, Keycloak token exchange

Build status Code quality checks black Coverage status

python-versions django-versions pypi-version

Open Forms extension to use Keycloak access tokens when requesting prefill data from external APIs.

  • Signal receiver which extracts the Keycloak access token from the session and caches it.
  • Pre-request hook that adds a custom authentication class to the request kwargs.
  • Custom authentication class that performs the token exchange with Keycloak and adds the exchanged token to the Authorization header.

Note

The token exchange has a standard, but Keycloak mentions in its documentation that they "extended it a little, ignored some of it, and loosely interpreted other parts of the specification".

  • Python 3.7 or above
  • setuptools 30.3.0 or above
  • Django 3.2

For an explanation of this how this extension works, look at the Open Forms developer documentation.

To see how to build and distribute an image with this extension, look at the Open Forms documentation about building and distributing extensions.

In the Open Forms Admin, go to Miscellaneous > Token exchange plugin configurations. Click on Add Token exchange plugin configuration and fill in the details:

  • Select the service for which you want the token authorisation to be performed.
  • Add the Keycloak audience.

Save the configuration.