Alliance Auth OIDC Provider
allianceauth_oidc
Allianceauth OIDC Provider
Beta Testing ONLY!
Features
- OIDC / OAuth2
  - Scopes Available
    - openid
    - profile
      - Includes groups claim with all of a member's groups and state as a list of strings
- Application level permissions
  - global access
  - State access
  - group access
Setup/Install:
- pip install allianceauth-oidc-provider
- Add to INSTALLED_APPS:

      'allianceauth_oidc',
      'oauth2_provider',

- Extra settings required:

      import os  # needed for os.environ below, if your settings file does not already import it

      OAUTH2_PROVIDER_APPLICATION_MODEL = 'allianceauth_oidc.AllianceAuthApplication'
      OAUTH2_PROVIDER = {
          "OIDC_ENABLED": True,
          # https://django-oauth-toolkit.readthedocs.io/en/stable/oidc.html#creating-rsa-private-key
          # Load your private key into an env variable
          "OIDC_RSA_PRIVATE_KEY": os.environ.get('OIDC_RSA_PRIVATE_KEY'),
          "OAUTH2_VALIDATOR_CLASS": "allianceauth_oidc.auth_provider.AllianceAuthOAuth2Validator",
          "SCOPES": {
              "openid": "User Profile",
              "email": "Registered email",
              "profile": "Main Character affiliation and Auth groups"
          },
          "PKCE_REQUIRED": False,
          "APPLICATION_ADMIN_CLASS": "allianceauth_oidc.admin.ApplicationAdmin",
          'ACCESS_TOKEN_EXPIRE_SECONDS': 60,
          'REFRESH_TOKEN_EXPIRE_SECONDS': 24*60*60,
          'ROTATE_REFRESH_TOKEN': True,
      }

  Please see the django-oauth-toolkit page linked in the settings comment above for more info on creating and managing a private key.
- Add the endpoints to your urls.py:

      path('o/', include('allianceauth_oidc.urls', namespace='oauth2_provider')),

- Run migrations
- Restart auth
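
The settings step above reads the signing key with os.environ.get(), which returns None when the variable is not set. The following start-up check for that OAUTH2_PROVIDER block is an added example, not part of this project's code; the function name, the messages and the MAX_ACCESS_TOKEN_SECONDS ceiling are assumptions of the example, and the key in the sample input is a constructed placeholder.

```python
# Added example: thresholds and messages are this example's assumptions.
MAX_ACCESS_TOKEN_SECONDS = 3600  # assumed policy ceiling, not a project default

def check_oidc_settings(provider):
    """Return (errors, warnings) for an OAUTH2_PROVIDER settings dict."""
    errors, warnings = [], []
    if provider.get("OIDC_ENABLED"):
        key = provider.get("OIDC_RSA_PRIVATE_KEY")
        if not key:
            # os.environ.get() returns None when the variable is not set.
            errors.append("OIDC_RSA_PRIVATE_KEY is empty; is the env variable set?")
        elif "-----BEGIN" not in key or "PRIVATE KEY-----" not in key:
            errors.append("OIDC_RSA_PRIVATE_KEY does not look like a PEM private key")
        elif "\n" not in key:
            # A multi-line PEM squeezed into a one-line env entry loses its newlines.
            errors.append("OIDC_RSA_PRIVATE_KEY has no newlines; PEM framing is broken")
        if "openid" not in provider.get("SCOPES", {}):
            errors.append("SCOPES lacks 'openid' while OIDC_ENABLED is True")
    if provider.get("PKCE_REQUIRED") is False:
        warnings.append("PKCE_REQUIRED is False; clients are not forced to use PKCE")
    if provider.get("ROTATE_REFRESH_TOKEN") is False:
        warnings.append("ROTATE_REFRESH_TOKEN is False; refresh tokens are reused")
    ttl = provider.get("ACCESS_TOKEN_EXPIRE_SECONDS")
    if ttl is not None and ttl > MAX_ACCESS_TOKEN_SECONDS:
        warnings.append(f"ACCESS_TOKEN_EXPIRE_SECONDS={ttl} exceeds {MAX_ACCESS_TOKEN_SECONDS}")
    return errors, warnings

# Constructed sample input: the settings from this page with a placeholder key.
PLACEHOLDER_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n"
    "-----END RSA PRIVATE KEY-----\n"
)
PAGE_SETTINGS = {
    "OIDC_ENABLED": True,
    "OIDC_RSA_PRIVATE_KEY": PLACEHOLDER_PEM,
    "SCOPES": {"openid": "User Profile", "email": "Registered email",
               "profile": "Main Character affiliation and Auth groups"},
    "PKCE_REQUIRED": False,
    "ACCESS_TOKEN_EXPIRE_SECONDS": 60,
    "REFRESH_TOKEN_EXPIRE_SECONDS": 24 * 60 * 60,
    "ROTATE_REFRESH_TOKEN": True,
}

if __name__ == "__main__":
    errs, warns = check_oidc_settings(PAGE_SETTINGS)
    for line in errs + warns:
        print(line)
```

Called from the end of the settings file with the real OAUTH2_PROVIDER dict, a non-empty errors list is a reason to stop before restarting auth.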
Application setup
The Big 4
- Authorization: https://your.url/o/authorize/
- Token: https://your.url/o/token/
- Profile: https://your.url/o/userinfo/
- Issuer: http://your.url/o (yes, that is http, not https)
Claims
openid profile email
Claim key mapping
- name: Eve Main Character Name ( Profile Grant? )
- email: Registered email on auth ( Email Grant )
- groups: List of all groups with the member's state thrown in too ( Profile Grant )
- sub: PK of user model
WikiJS
Manually create any groups you care for your users to have in the wiki, and the service will map them for you. This greatly cuts down on group spam.
In auth, create Administrators to give access to the full wiki admin site.
Administration > Authentication > Generic OpenID Connect / OAuth2
- Skip User Profile: off
- Email claim: email
- Display Name Claim: name
- Map Groups: on
- Groups Claim: groups
- Allow Self Registration: on
Grafana
Tested only with access; no group mapping as yet.
TODO: get the group links working
/etc/grafana/grafana.ini
[auth.generic_oauth]
enabled = true
name = Your Site Name
allow_sign_up = true
client_id = ******
client_secret = *****
scopes = openid,email,profile
empty_scopes = false
email_attribute_path = email
name_attribute_path = name
auth_url = https://your.url/o/authorize/
token_url = https://your.url/o/token/
api_url = https://your.url/o/userinfo/