Equation

Appearance

Django JWT Authentication (Haskoning's Azure Entra ID)

This guide shows how to enable Haskoning's Azure Entra ID (AAD) JWT authentication in a Django / Django REST Framework (DRF) application using the haskoning-django-azure-auth-jwt package.

Overview

haskoning-django-azure-auth-jwt adds an authentication class that validates AAD access tokens. You can combine it with existing Django / DRF authentication (e.g. session or SimpleJWT) if required.

1. Install

Add the haskoning-django-azure-auth-jwt package (version as needed) to your project (Poetry / pip).

yaml
poetry add haskoning-django-azure-auth-jwt

Then update INSTALLED_APPS.

python
INSTALLED_APPS = [
    'haskoning_django_azure_auth_jwt',
    # ... other apps ...
]

2. DRF Authentication Classes

Place the Entra ID Authentication class FIRST so its tokens are accepted before other classes attempt validation.

python
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'haskoning_django_azure_auth_jwt.authentication.entra.EntraIDJWTAuthentication',  # must be first
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        'mlg.disable_csrf.CsrfExemptSessionAuthentication',  # optional (example)
    ],
}

Why order matters

rest_framework_simplejwt.authentication.JWTAuthentication will reject Azure Entra ID tokens (if they are not signed with your local SimpleJWT secret). If it runs first, the request fails and DRF never reaches the Entra ID validator. Putting EntraIDJWTAuthentication first ensures valid Microsoft tokens are accepted; other classes can still handle non-Azure tokens afterward.

3. Package Settings

Add these project-level settings (e.g. in settings.py).

python
# Allow using Django tokens (sessions / drf auth) alongside Azure AD JWT tokens
HASKONING_AUTH_USE_DJANGO_TOKEN = True

# Automatically create a local Django user when a valid Azure AD token for an unknown user is seen
# Set to False if you want to block unknown users instead
HASKONING_AUTH_CREATE_USER_AUTOMATICALLY = True

4. Minimal Complete Example

python
# settings.py
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    # ... other Django apps ...
    'haskoning_django_azure_auth_jwt',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'haskoning_django_azure_auth_jwt.authentication.entra.EntraIDJWTAuthentication',
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ],
}

HASKONING_AUTH_USE_DJANGO_TOKEN = True
HASKONING_AUTH_CREATE_USER_AUTOMATICALLY = True

Now your Django / DRF app can authenticate requests using Haskoning's Entra ID JWT tokens!