Per-tenant OAuth 2.0 Settings | Django Multi-Tenant OAuth2 Credentials

[duplxey]

I have a multi-tenant Django app created using the django-tenants package. I successfully setup "global" social authentication using social_core.backends.google.GoogleOAuth2 backend.

Now, I'd like to allow tenants to provide their own Google OAuth2 credentials (client_id & client_secret) and authenticate through their own Google apps. Is there any way I can inject tenants' OAuth2 credentials in ConvertTokenView() based on what schema the request is made from?

Pseudocode:

class ConvertTokenView(request):

  def post(self, request):
    tenant = get tenant based on schema
    backend.set_client_id(tenant.google_client_id)
    backend.set_client_secret(tenant.google_client_secret)
    backend.authenticate(request.body)
  
    return tokenResponse

Alternatively, I was thinking about dynamically modifying the following two settings.py settings:

# these are global, but i'd like each tenant to have their own creds
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = "<google_client_id>"
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = "<google_client_secret>"

However, this method does not work, because these two settings are only read once on Django server startup.

I posted a similar question on StackOverflow.

[ex8]

I have tried this and this is not possible without forking this library and adding the functionality in yourself. I would advise implementing your own auth solution where you store the client id's and secrets in an encrypted vault. Essentially, you would need to implement the solution yourself.

[duplxey]

@ex8 Yeah, I ended up implementing my own OAuth2 flow and it seems to be working well.

[wagnerdelima]

You are right, this package at the moment doesn't allow multi-tenant environments.