Single-Sign-On Authentication Provider

This project is an SSO authentication provider (an IdP) built on OAuth2 for authorization token exchange, and therefore for authentication as well.

It is compatible with Python 3.2+ and based on Django (version 1.10).

Pre-requirements

  • Python 3 (3.2 or later)
  • git
  • pip for Python 3.

Installation

  1. Download the sources:

git clone [email protected]:CommonsDev/sso.git

  2. Make a virtualenv, either using virtualenvwrapper or the more basic venv module:

python3 -m venv ./venv
source ./venv/bin/activate

  3. Install dependencies:

In production

pip install -r ./sso/requirements.txt

Or in development

pip install -r ./sso/requirements_local.txt

  4. Configure your private settings:

cp ./sso/core/settings/private.py{.sample,}

And customize the file ./sso/core/settings/private.py.

  5. Initialize the database (and the assets):

In production

mkdir ../data && chmod a+rw ../data
./manage.py migrate --settings=core.settings.prod
./manage.py collectstatic --settings=core.settings.prod

As we are using sqlite3, the data directory itself and the sqlite file must be writable by the web server.

Or in a development environment

./manage.py migrate

Configuration

You should customize core/settings/prod.py to your context.

In particular, adapt ALLOWED_HOSTS to avoid HTTP 400 errors: Django rejects any request whose Host header is not listed there.

Running the project

./manage.py runserver

Using the web interface authentication

  1. Create a superuser: ./manage.py createsuperuser.

  2. Go to http://localhost:8000/ and log in.

  3. Go to http://localhost:8000/oauth/applications/register/ to create a new application with a "confidential" client type and an "authorization code" authorization grant type. Enter your redirect URI (the URI that will receive the authorization code).

  4. Go to http://localhost:8000/oauth/authorize/?client_id=MY_CLIENT_ID&response_type=code, replacing MY_CLIENT_ID with the client_id obtained in the previous step. You should be prompted to authorize the application you created, then redirected to the URI you provided with an authorization code.

Using the OAuth API authentication

Example using the client credentials grant.

  1. Register your app (http://localhost:8000/oauth/applications/register/) with "client credentials" as the grant type and "confidential" as the client type.

  2. Open a client for querying the API (here using HTTPie):

http --auth MY_CLIENT_ID:MY_CLIENT_SECRET -f http://localhost:8000/oauth/token/ grant_type=client_credentials

Replace MY_CLIENT_ID and MY_CLIENT_SECRET with the values given when registering your app.

You should get a JSON response containing an access token like:

{
  "access_token": "4cb7pw6aElBGTpGVeCv9a3m7Yver3r",
  "expires_in": 36000,
  "scope": "write read",
  "token_type": "Bearer"
}
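The two flows above (the authorization code grant from the web interface section and the client credentials grant from this section) share the same token endpoint, so here is a single client-side example covering both. It is an added example, not code from this project or from django-oauth-toolkit. It assumes only the endpoint paths shown in this README (/oauth/authorize/ and /oauth/token/) and standard RFC 6749 behaviour; the `state` and `redirect_uri` parameters, the `SAMPLE_TOKEN_RESPONSE` constant, the `BASE_URL` value and all function names are assumptions or constructed for illustration. The point it adds beyond the README is the `state` check on the callback, which stops a code obtained for one browser from being injected into another user's session, and the expiry bookkeeping for the returned `expires_in`.

```python
"""OAuth2 client helpers for this SSO server (added example; not project code).

Assumes the README's endpoints, /oauth/authorize/ and /oauth/token/, and that
the server echoes `state` back unchanged as RFC 6749 requires (an assumption).
"""
import base64
import hmac
import json
import secrets
import time
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8000"  # dev server address from the README (assumed)

# Constructed sample, shaped like the README's example response.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "4cb7pw6aElBGTpGVeCv9a3m7Yver3r",
    "expires_in": 36000,
    "scope": "write read",
    "token_type": "Bearer",
})


def new_state():
    """Unguessable per-login value; store it in the user's session."""
    return secrets.token_urlsafe(32)


def authorization_url(client_id, redirect_uri, state, base_url=BASE_URL):
    """Link the user's browser is sent to for the authorization code grant."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "state": state}
    return f"{base_url}/oauth/authorize/?{urllib.parse.urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect, refusing a bad state."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise RuntimeError("authorization failed: %s" % query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time compare; a mismatch means the code was not requested by
    # this session and must be discarded (CSRF / code injection defence).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding authorization code")
    return query["code"][0]


def basic_auth_header(client_id, client_secret):
    """HTTP Basic client authentication, as HTTPie's --auth does."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def parse_token_response(body, now=None):
    """Turn the token endpoint's JSON into a record with an absolute expiry."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % data.get("token_type"))
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "expires_at": now + int(data["expires_in"]),
            "scopes": set(data.get("scope", "").split())}


def token_valid(token, now=None, leeway=30):
    """False shortly before expiry so a request never races the deadline."""
    now = time.time() if now is None else now
    return token["expires_at"] - leeway > now


def bearer_header(token):
    return {"Authorization": "Bearer " + token["access_token"]}


def _post_token(form, client_id, client_secret, base_url=BASE_URL):
    """POST to /oauth/token/ with Basic client auth (performs a network call)."""
    req = urllib.request.Request(
        f"{base_url}/oauth/token/",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": basic_auth_header(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST")
    with urllib.request.urlopen(req) as resp:
        return parse_token_response(resp.read().decode())


def exchange_code(code, redirect_uri, client_id, client_secret, base_url=BASE_URL):
    """Second step of the authorization code grant."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    return _post_token(form, client_id, client_secret, base_url)


def client_credentials_token(client_id, client_secret, base_url=BASE_URL):
    """Equivalent of the HTTPie call in the README."""
    return _post_token({"grant_type": "client_credentials"},
                       client_id, client_secret, base_url)


if __name__ == "__main__":
    state = new_state()
    print(authorization_url("MY_CLIENT_ID", "https://app.example/cb", state))
    tok = parse_token_response(SAMPLE_TOKEN_RESPONSE)  # offline demo of parsing
    print(bearer_header(tok), token_valid(tok))
```

In a real client the `state` value lives in the server-side session between the redirect out and the callback in; `exchange_code` must send the same `redirect_uri` that was used on the authorize request, which is how the server ties the code to the registered application.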

Technical details

It is based on these 3rd party libraries:

django-registration and oauth2_provider are wrapped and overridden by the register and oauth apps.