cesnet-openid-remote 1.0.0

CESNET OIDC Auth backend for OARepo

..

CESNET OIDC Auth backend for OARepo

This remote backend is appropriate for e.g. a SPA application which communicates with Invenio via REST calls.

1. Register a new application with CESNET OIDC Provider. When registering the application ensure that the Redirect URI points to:

https://<my_invenio_site>:5000/api/oauth/authorized/eduid/

2. Grab the Client ID and Client Secret after registering the application and add them to your ENVIRONMENT (.env):

OPENIDC_KEY=*Client ID*
OPENIDC_SECRET=*Client Secret*

4. Now access the login page from your SPA using CESNET OAuth:

    window.location =
    "https://<my_invenio_site>:5000/api/oauth/login/eduid?next=<my_next_page>";

By default the CESNET module will try first look if a link already exists between an eduID account and a user. If no link is found, it will be created. Any external Perun groups will be automatically linked to invenio roles on each login. For more details you can play with a :doc:working example <examplesapp>.

Customization

To customize group handling and validation, refer to your custom validation and parse functions using the following config values:

OAUTHCLIENT_CESNET_OPENID_GROUP_VALIDATOR = 'cesnet_openid_remote.groups.validate_group_uri'
"""Function used to validate external group URI."""

OAUTHCLIENT_CESNET_OPENID_GROUP_PARSER = 'cesnet_openid_remote.groups.parse_group_uri'
"""Function used to parse external group URI to (UUID, extra_data) pair."""

Further documentation is available on https://cesnet-openid-remote.readthedocs.io/

Copyright (C) 2021 CESNET.

CESNET-OpenID-Remote is free software; you can redistribute it and/or modify it under the terms of the MIT License; see LICENSE file for more details.

.. Copyright (C) 2021 CESNET.

CESNET-OpenID-Remote is free software; you can redistribute it and/or
modify it under the terms of the MIT License; see LICENSE file for more
details.

Changes

Version 0.1.0 (released TBD)

• Initial public release.