{"id":3973,"library":"django-scim2","title":"Django SCIM 2.0 Service Provider","description":"A partial implementation of the SCIM 2.0 provider specification for use with Django. It enables automatic provisioning and deprovisioning of user accounts and groups, facilitating identity synchronization across various identity providers and applications. The current stable version, as listed on PyPI, is 0.19.1, with development being stable and new releases occurring periodically, often focusing on Fridays.","status":"active","version":"0.19.1","language":"en","source_language":"en","source_url":"https://github.com/15five/django-scim2","tags":["Django","SCIM","identity management","provisioning","authentication","SaaS","REST API"],"install":[{"cmd":"pip install django-scim2","lang":"bash","label":"Install latest stable version"}],"dependencies":[{"reason":"Core web framework integration.","package":"Django","optional":false},{"reason":"Used for parsing SCIM filter queries.","package":"scim2-filter-parser","optional":false},{"reason":"Provides core SCIM 2.0 data models and schema definitions.","package":"scim2-models","optional":false},{"reason":"Currently, it is the only officially supported database.","package":"PostgreSQL","optional":true}],"imports":[{"note":"The PyPI package name uses a hyphen, but the import path uses an underscore.","wrong":"from django_scim2.middleware import SCIMAuthCheckMiddleware","symbol":"SCIMAuthCheckMiddleware","correct":"from django_scim.middleware import SCIMAuthCheckMiddleware"},{"symbol":"urls","correct":"from django.urls import path, include\npath('scim/v2/', include('django_scim.urls'))"},{"note":"Used for creating an adapter for Django User objects.","symbol":"SCIMUser","correct":"from django_scim.adapters import SCIMUser"},{"note":"Used for creating an adapter for Django Group objects.","symbol":"SCIMGroup","correct":"from django_scim.adapters import SCIMGroup"}],"quickstart":{"code":"import os\n\n# settings.py example\nINSTALLED_APPS = [\n    # ... other Django apps\n    'django_scim',\n]\n\n# Note: As of 0.18.0, SCIMAuthCheckMiddleware is applied as a decorator\n# to SCIM views and typically no longer needs to be in MIDDLEWARE.\n# If you need custom auth check middleware, specify it in SCIM_SERVICE_PROVIDER.\nMIDDLEWARE = [\n    # ... your authentication middleware (e.g., 'django.contrib.auth.middleware.AuthenticationMiddleware')\n    # 'django_scim.middleware.SCIMAuthCheckMiddleware', # DEPRECATED: See warning for 0.18.0\n    # Make sure your actual authentication middleware comes BEFORE this one if you add it directly.\n    # The SCIMAuthCheckMiddleware checks request.user.is_anonymous() by default.\n]\n\n# Required SCIM settings\nSCIM_SERVICE_PROVIDER = {\n    'NETLOC': os.environ.get('SCIM_NETLOC', 'localhost:8000'), # E.g., 'your-domain.com'\n    'AUTHENTICATION_SCHEMES': [\n        {\n            'type': 'oauth2',\n            'name': 'OAuth 2',\n            'description': 'OAuth 2 implemented with bearer token',\n        },\n    ],\n    # Optional: Customize the authentication check middleware\n    # 'AUTH_CHECK_MIDDLEWARE': 'your_app.middleware.CustomSCIMAuthMiddleware',\n    # Optional: Expose SCIM exceptions to clients (defaults to False for security)\n    # 'EXPOSE_SCIM_EXCEPTIONS': os.environ.get('SCIM_EXPOSE_EXCEPTIONS', False),\n}\n\n# urls.py example\nfrom django.contrib import admin\nfrom django.urls import path, include\n\nurlpatterns = [\n    path('admin/', admin.site.urls),\n    path('scim/v2/', include('django_scim.urls')), # Namespace 'scim' is mandatory\n]","lang":"python","description":"To integrate `django-scim2`, add `django_scim` to `INSTALLED_APPS` and configure the `SCIM_SERVICE_PROVIDER` settings. Crucially, include `django_scim.urls` in your project's `urls.py` with the mandatory namespace `scim`. Note that as of version 0.18.0, the `SCIMAuthCheckMiddleware` is applied as a decorator to views, so it typically no longer needs to be added directly to the `MIDDLEWARE` setting. If you implement custom authentication, ensure it runs before SCIM processing."},"warnings":[{"fix":"Review Django project settings for `USE_L10N`. If present, remove it or ensure compatibility with Django 5+. Test thoroughly after upgrading.","message":"Version 0.20.0 (released April 2025) removed the `USE_L10N` setting, which impacts projects using Django 5+ as this setting is deprecated/removed in newer Django versions. Ensure your project is compatible or handle the removal.","severity":"breaking","affected_versions":"0.20.0+"},{"fix":"Remove `SCIMAuthCheckMiddleware` from your Django `MIDDLEWARE` setting. If custom authentication checks are needed, configure them via `SCIM_SERVICE_PROVIDER['AUTH_CHECK_MIDDLEWARE']`.","message":"In version 0.18.0, `SCIMAuthCheckMiddleware` transitioned from a global `MIDDLEWARE` setting to a decorator directly applied to SCIM view functions. It should no longer be listed in `MIDDLEWARE`. Customization is now done via the `AUTH_CHECK_MIDDLEWARE` key in `SCIM_SERVICE_PROVIDER`.","severity":"breaking","affected_versions":"0.18.0+"},{"fix":"Ensure all SCIM IDs are unique in your data. Upgrade your Django project to version 2.2.13 or newer before upgrading `django-scim2` to 0.16.0 or later.","message":"Version 0.16.0 introduced two significant breaking changes: SCIM IDs are now required to be unique across all objects of a specific model, and compatibility with Django versions before 2.2.13 was dropped.","severity":"breaking","affected_versions":"0.16.0+"},{"fix":"Integrate a separate authentication/authorization solution (e.g., Django REST Framework authentication, Django OAuth Toolkit) into your Django project. Ensure SCIM endpoints are protected appropriately.","message":"The library explicitly states that it does not implement authorization and authentication itself. These tasks are left for other Django apps (e.g., Django OAuth Toolkit) to provide. The `SCIMAuthCheckMiddleware` (or its decorator equivalent) simply checks `request.user.is_anonymous()` by default.","severity":"gotcha","affected_versions":"all"},{"fix":"Verify the order of your middleware. Place any authentication-related middleware (e.g., `AuthenticationMiddleware`) before `django_scim`'s authentication checks.","message":"The `SCIMAuthCheckMiddleware` (or the underlying decorator logic) must be processed *after* your primary Django authentication middleware. Otherwise, `request.user` might still be `AnonymousUser` when the SCIM check occurs, leading to unintended access denials.","severity":"gotcha","affected_versions":"all"},{"fix":"Ensure your Django project is configured to use PostgreSQL as its database backend for applications leveraging `django-scim2`.","message":"Currently, the only supported database for `django-scim2` is PostgreSQL. Using other database backends may lead to unexpected behavior or errors.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}