From 43e529da2ad289712e5c7fa27c653bdededa11fb Mon Sep 17 00:00:00 2001 From: Quentin BEY Date: Tue, 13 May 2025 23:25:05 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(oidc)=20disable=20OIDC=20?= =?UTF-8?q?authentication=20on=20API?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Our authentication flow uses the Django authentication which creates a session for the User. Then the session is used to make API calls, therefore we don't need to accept OIDC tokens directly on the API. Accepting the OIDC token on the API can allow to bypass the "resource server mode" which allows to restrict provided information according to the Service Provider which makes the request. --- src/backend/impress/settings.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py index 737bb338..d1b4a15d 100755 --- a/src/backend/impress/settings.py +++ b/src/backend/impress/settings.py @@ -327,7 +327,6 @@ class Base(Configuration): REST_FRAMEWORK = { "DEFAULT_AUTHENTICATION_CLASSES": ( - "mozilla_django_oidc.contrib.drf.OIDCAuthentication", "rest_framework.authentication.SessionAuthentication", ), "DEFAULT_PARSER_CLASSES": [