Authentication plugins

Open Forms has a plugin system for the authentication module, which is invoked when a user wants to login on a form. In the form builder, it’s possible to specify which plugins are available for authentication. Some plugins allow additional form-specific configuration.

Public Python API

Authentication plugins must inherit from the base plugin.

Plugins that use the OpenID Connect (OIDC) protocol should inherit from the OIDC plugin base openforms.contrib.auth_oidc.plugin.OIDCAuthentication.

Plugin base API

class openforms.authentication.base.BasePlugin(identifier: str)

auth_info_to_auth_context(auth_info: AuthInfo) → AnyAuthContext

Plugin custom auth info to auth context handling.

This will be executed during the AuthInfo to_auth_context_data when manage_auth_context is set to True.

check_requirements(request: AnyRequest, options: OptionsT) → bool: Check if the request meets requirements

configuration_options: SerializerCls | None = None

A serializer class describing the plugin-specific configuration options.

A plugin instance is the combination of a plugin callback and a set of options that are plugin specific. Multiple forms can use the same plugin with different configuration options. Using a serializer allows us to serialize the options as JSON in the database, and de-serialize them into native Python/Django objects when the plugin is called.

handle_co_sign(request: HttpRequest, form: Form) → CosignSlice

Process the authentication and return a dict of co-sign details.

The co-sign details are stored on Submission.co_sign_data and must match the schema (except for the plugin key).

logout(request: HttpRequest): Can be overridden to implement custom logout behaviour

class openforms.authentication.base.Choice

class openforms.authentication.base.CosignSlice

class openforms.authentication.base.LoginInfo(identifier: str, label: StrOrPromise, logo: openforms.authentication.base.LoginLogo | None = None, url: str | None = None, is_for_gemachtigde: bool = False, visible: bool = True)

class openforms.authentication.base.LoginLogo(title: StrOrPromise, image_src: str, appearance: str, href: str = '')

class openforms.authentication.base.Options

Plugin Generic OIDC class

class openforms.contrib.auth_oidc.plugin.OIDCAuthentication(identifier: str)

get_error_message_parameters(error: str, error_description: str) → tuple[str, str]: Return the message code and the error description for a failed login.

handle_co_sign(request: HttpRequest, form: Form) → CosignSlice

Process the authentication and return a dict of co-sign details.

The co-sign details are stored on Submission.co_sign_data and must match the schema (except for the plugin key).

handle_return(request: HttpRequest, form: Form, options: OptionsT): Redirect to form URL.

logout(request: HttpRequest): Can be overridden to implement custom logout behaviour

verbose_name: StrOrPromise = '': Specify the human-readable label for the plugin.