
Self Street integration with Django for SSO.

Project description

Self OpenID Client

Django plugin that replaces the standard Django user model with Self Street OpenID integration.

Note: This project is open source but is currently only used within Column Street. If you would like to integrate Self login into your website/app/project, please reach out to us so we can discuss.

Use

This package is a thin layer on top of the mozilla-django-oidc project, so integration is very similar.

1. Register Application with Self

Either contact an admin, or initiate it via the administrator board in Self.

2. Install Package

pip install selfauth

3. Add & Modify Settings

The following settings need to be initialized. Inside your INSTALLED_APPS make sure to add mozilla_django_oidc and selfauth right after django.contrib.auth.

INSTALLED_APPS = [
    ...,
    "django.contrib.auth",
    "mozilla_django_oidc",
    "selfauth",
    ...
]

At the end of your settings file you can then add the following:

# =======================================================================================================
# Self Street

# Custom User Model
# https://docs.djangoproject.com/en/3.1/topics/auth/customizing/#substituting-a-custom-user-model
# This custom user model is used with the OIDC backend to ensure Self and Meta communicate properly.
AUTH_USER_MODEL = "selfauth.User"

# Authentication Backend
# https://docs.djangoproject.com/en/3.1/topics/auth/customizing/#specifying-authentication-backends
# Must be modified so that the OpenID plugin can automatically create users
# based on the login of the user from Self. We use a custom authentication so that
# we take care of user updates and uniqueness.
AUTHENTICATION_BACKENDS = ("selfauth.auth.SelfAuthenticationBackend",)

# OpenID
# https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#choose-the-appropriate-algorithm
# These are settings related to the OpenID Connect Client.

# Client ID and Secret
OIDC_RP_CLIENT_ID = ""
OIDC_RP_CLIENT_SECRET = ""

# Server Endpoints
OIDC_OP_ENDPOINT = "https://self.st"
OIDC_OP_JWKS_ENDPOINT = OIDC_OP_ENDPOINT + "/o/jwks/"
OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_OP_ENDPOINT + "/o/authorize/"
OIDC_OP_TOKEN_ENDPOINT = OIDC_OP_ENDPOINT + "/o/token/"
OIDC_OP_USER_ENDPOINT = OIDC_OP_ENDPOINT + "/o/userinfo/"

# Scopes
# https://github.com/mozilla/mozilla-django-oidc/blob/master/mozilla_django_oidc/auth.py#L84
# These are the default scopes that any OpenID Client with Self has access to. Add any extra scopes if you have them.
OIDC_RP_SCOPES = "openid profile email"

# Custom Test Page
# Enables test webpage at self.st/login.
AUTH_TEST = True
AUTH_TEST_PATH = "login"
# =======================================================================================================

Make sure to modify the following variables:

  • OIDC_RP_CLIENT_ID: Client ID given and generated by Self.
  • OIDC_RP_CLIENT_SECRET: Client secret given and generated by Self. Recommended to be passed as an env variable.
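
One way to follow the env-variable recommendation above, shown as an added example that is not part of the selfauth package: the settings are built from the environment and startup fails if the client ID or secret is missing. The environment variable names and the load_oidc_settings helper are assumptions made for this example.

```python
import os
from urllib.parse import urlsplit

# Assumed environment variable names (not defined by selfauth).
ENV_CLIENT_ID = "SELF_OIDC_CLIENT_ID"
ENV_CLIENT_SECRET = "SELF_OIDC_CLIENT_SECRET"
ENV_AUTH_TEST = "SELF_AUTH_TEST"


def _required(env, name):
    """Return a non-empty value or stop startup; never fall back to ""."""
    value = env.get(name, "").strip()
    if not value:
        # In a Django project, django.core.exceptions.ImproperlyConfigured fits here.
        raise RuntimeError(f"{name} is not set")
    return value


def load_oidc_settings(env=os.environ, endpoint="https://self.st"):
    """Build the OIDC_* settings from the README using values from `env`."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise RuntimeError("OIDC_OP_ENDPOINT must be an https:// URL")
    base = endpoint.rstrip("/")
    return {
        "OIDC_RP_CLIENT_ID": _required(env, ENV_CLIENT_ID),
        "OIDC_RP_CLIENT_SECRET": _required(env, ENV_CLIENT_SECRET),
        "OIDC_OP_ENDPOINT": base,
        "OIDC_OP_JWKS_ENDPOINT": base + "/o/jwks/",
        "OIDC_OP_AUTHORIZATION_ENDPOINT": base + "/o/authorize/",
        "OIDC_OP_TOKEN_ENDPOINT": base + "/o/token/",
        "OIDC_OP_USER_ENDPOINT": base + "/o/userinfo/",
        "OIDC_RP_SCOPES": "openid profile email",
        # Test page stays off unless the variable is exactly "1".
        "AUTH_TEST": env.get(ENV_AUTH_TEST) == "1",
        "AUTH_TEST_PATH": "login",
    }


# In settings.py: globals().update(load_oidc_settings())
if __name__ == "__main__":
    sample_env = {ENV_CLIENT_ID: "example-id", ENV_CLIENT_SECRET: "example-secret"}  # constructed
    for key, value in load_oidc_settings(sample_env).items():
        shown = "<redacted>" if key.endswith("SECRET") else value
        print(f"{key} = {shown}")
```

With this in place the secret never appears in the settings file or in version control, and a deployment without credentials stops at startup instead of running with empty values.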

4. Create Migrations

python manage.py makemigrations
python manage.py migrate

5. Routes

Login can be found via the route oidc_authentication_init, and logout via oidc_logout. These are defined in the mozilla-django-oidc docs. Make sure to set the routes:

from django.urls import path, include

urlpatterns = [
    ...
    path("", include("selfauth.urls")),
]

6. Testing

If you would like to test the framework, enabling the AUTH_TEST variable will allow you to access the test page at the AUTH_TEST_PATH path. In the case above, the test page will be at http://example.com/login.


Source Distribution

selfauth-1.1.1.tar.gz (11.7 kB)


  • Download URL: selfauth-1.1.1.tar.gz
  • Upload date:
  • Size: 11.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.54.0 CPython/3.7.1

File hashes

Hashes for selfauth-1.1.1.tar.gz
Algorithm Hash digest
SHA256 01e3784e9de6ba24bf1289161473fc8c3274f6645c9907c0b2b7f1d0f91411a9
MD5 765523208eb7b01d0bb2900c7b9e53b7
BLAKE2b-256 ea665601b231a83b6d51a1d37d004fe26d6397209e21cd7a19b2cf90b5fa85fb
