python-dataporten-auth
Dataporten is an authentication, authorization and API platform for higher and lower education and research in Norway. Dataporten offers authentication of users to applications using OAuth 2.0 and the OpenID Connect.
Dataporten-auth is a client for dataporten that depends on social-auth-core.
This library is not compatible with the pre-refactor python-social-auth, see any version prior to 2.0.x for that. Furthermore, this is now a Python 3 based project; No attempts have been made to make it backwards compatible with Python 2.
If you are using the previous incarnation of python-dataporten-auth
:
dataporten-auth
, see Upgrading from dataporten-auth.
Installation
Install with pip install python-dataporten-auth
or by downloading the
source and running setup.py
.
Usage
Set up an application at Dataporten
There needs to exist an entry for your site/app at dataporten. Log in to dataporten's dashboard and create an application. The entry needs one or more redirect uris.
You can have several redirect-uris, and you will be needing at least one per plugin used.
The redirect uri is of the form <type>://<domainpath>/<suffix>/
,
where <type>
is one of http
or https
, <domainpath>
is the domain name of your site and an optional path, and the
<suffix>
is plugin-dependent. See the examples under
Plugins.
Set up your site
You'll need to set the client id and client secret generated by Dataporten in the settings of your app/site.
Both the name of the settings and the redirect uris depend on the plugins used. Add at least one of the plugins below.
See social's documentation for more.
Django
In your settings.py
:
- Add
'social_django'
toINSTALLED_APPS
. - Add one or more of the plugin names below to the start of
AUTHENTICATION_BACKENDS
. If you're also using user-models à la Django,'django.contrib.auth.backends.ModelBackend'
must be in the same list, following the plugins. - Set
SOCIAL_AUTH_DATAPORTEN_FEIDE_SSL_PROTOCOL
toTrue
to use SSL. *SOCIAL_AUTH_LOGIN_REDIRECT_URL
,SOCIAL_AUTH_NEW_USER_REDIRECT_URL
andSOCIAL_AUTH_REDIRECT_IS_HTTPS
will have to be set depending on the needs of your site. - If you use the Django admin, you might want to set
SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS
, for instance to['username', 'email']
.
Also see the settings in src\demosite\settings.py
in the source.
In your site's urls.py
, include:
url(PREFIX, include('social_django.urls', namespace='social')),
... where PREFIX is a string to start off the urls with. Empty
string, ''
, is fine.
Upgrading from dataporten-auth
See PSA's official migration document, here follows a summary.
- Install
python-social-auth
version 0.2.21. - Run migrations.
- Uninstall
dataporten-auth
- Install
python-dataporten-auth
. - Install
social-auth-app-django
. - In your
urls.py
rename'social.apps.django_app.urls'
to'social_django.urls'
. - In your
settings.py
, in this order:
- Rename
'social.apps.django_app.default'
to'social_django'
.- Replace all mentions of
'social.*'
with'social_core.*'
.- Replace all mentions of
psa
withsocial
.
- Run migrations for
social_django
. - Uninstall
python-social-auth
.
Plugins
dataporten.social.DataportenOAuth2
- Plugin name
dataporten.social.DataportenOAuth2
- Settings
-
Client id:
SOCIAL_AUTH_DATAPORTEN_KEY
Client secret:
SOCIAL_AUTH_DATAPORTEN_SECRET
- Scopes needed
-
userid
andprofile
, this is the default. - Username generated:
- Unique, alphanumeric string. You might want to let users change this generated username. The plugin only cares that a username exists and won't change the username back.
- Redirect-uri ends with
- /complete/dataporten/
- Example redirect uri:
- http://127.0.0.1/complete/dataporten/
dataporten.social.DataportenEmailOAuth2
- Plugin name
dataporten.social.DataportenEmailOAuth2
- Settings
-
Client id:
SOCIAL_AUTH_DATAPORTEN_EMAIL_KEY
Client secret:
SOCIAL_AUTH_DATAPORTEN_EMAIL_SECRET
- Scopes needed
-
email
, this must be explicitly allowed in the dashboard. - Username generated:
- From email-address
- Redirect-uri ends with
- /complete/dataporten_email/
- Example redirect uri:
- https://supersites.example.net/mysite/complete/dataporten_email/
dataporten.social.DataportenFeideOAuth2
- Plugin name
dataporten.social.DataportenFeideOAuth2
- Settings
-
Client id:
SOCIAL_AUTH_DATAPORTEN_FEIDE_KEY
Client secret:
SOCIAL_AUTH_DATAPORTEN_FEIDE_SECRET
- Scopes needed
-
userid-feide
, this must be explicitly allowed in the dashboard. - Username generated:
- From the Feide attribute
eduPersonPrincipalName
, which looks like an email address. - Redirect-uri ends with
- /complete/dataporten_feide/
- Example redirect uri:
- https://example.com/cheatsheet/complete/dataporten_feide/
Demo
The Demo needs Django 1.8 or newer.
- Get the source code
- Install dependencies:
pip install -r requirements/demo.txt
- Make an application at dataporten
- Edit the settings-file to set
SOCIAL_AUTH_DATAPORTEN_KEY
andSOCIAL_AUTH_DATAPORTEN_SECRET
- Set three redirect-uris, all starting with
http://127.0.0.1:8000
- Run
python mange.py runserver
- Visit http://127.0.0.1:8000 in a fresh browser. Log out doesn't work (yet),
so to reset, delete the file
db.sqlite3
and runpython mange.py runserver
again
Optionally, you can add other social
plugins as well.
Version: | 2.0.0 |
---|