openedx / auth-backends Goto Github PK
View Code? Open in Web Editor NEWCustom authentication backends and views for edX services
License: GNU Affero General Public License v3.0
Custom authentication backends and views for edX services
License: GNU Affero General Public License v3.0
We currently use the same OAuth credentials for all tenants on our IDAs. This works because the auth service (LMS) is not truly multi-tenant. Just because LMS is not truly multi-tenant doesn't mean our IDAs cannot be.
Most of the IDAs use the Django sites framework coupled with a custom model (e.g. SiteConfiguration
). We should properly codify this implementation in https://github.com/edx/edx-django-extensions. Once that is done, we can create a new strategy that is multi-tenant-aware.
If we ever get to the point of separating users, we should explore a new storage backend as well as discussed in omab/python-social-auth#552.
This repository is a depedency of edx-platform and needs to be upgraded to Python 3.11 before
the Readwood release is cut (mid-April).
Hello,
I believe there is a spelling error at the file auth_backends/backends.py, line 12
I think it should be written 'fullname' without underscores, and not 'full_name'.
This is used for mapping the claims provided in the JWT returned by the OAuth authorization code grant flow, but the name 'full_name' is not recognized at the 'registration' part of the pipeline, which in turn leaves the corresponding registration field empty, making it impossible to proceed with a SSO without the user confirming the registration form (in the case it's the first time a user gets registered in by means of third party SSO).
Changing it into 'fullname' makes this work.
Tested using a production environment using the "auth_backends.backends.EdXOAuth2" backend used for SSO of LMS with a custom OAuth2 identity provider.
I don't know if it was the original purpose, but I found this implementation to be very useful to be used for SSO with a generic third party OAuth2 Identity Provider implemented in house (not one of those well known public providers already listed in python-social-auth).
Hi,
I'm trying to configure my Django app to authenticate the users with an Open Edx installation thought OAuth2, but I can't get the app to redirect to the OAuth login, it just show me this url: http://127.0.0.1:8000/login/edx-oidc/?next=/
My settings:
INSTALLED_APPS = [
'home',
'social_django',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'social_django.middleware.SocialAuthExceptionMiddleware', # <--
]
ROOT_URLCONF = 'login.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [
# os.path.join(BASE_DIR,'home/templates')
],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'social_django.context_processors.backends',
'social_django.context_processors.login_redirect',
],
},
},
]
WSGI_APPLICATION = 'login.wsgi.application'
# Database
# https://docs.djangoproject.com/en/2.0/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# Password validation
# https://docs.djangoproject.com/en/2.0/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# Internationalization
# https://docs.djangoproject.com/en/2.0/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.0/howto/static-files/
STATIC_URL = '/static/'
#Some other dependencies
AUTHENTICATION_BACKENDS = (
'auth_backends.backends.EdXOAuth2',
# 'auth_backends.backends.EdXOpenIdConnect',
'django.contrib.auth.backends.ModelBackend',
)
LOGIN_URL = '/login/'
# EDX OAuth2 config
SOCIAL_AUTH_EDX_OAUTH2_KEY = '<client_id>'
SOCIAL_AUTH_EDX_OAUTH2_SECRET = '<client_secret>'
SOCIAL_AUTH_EDX_OAUTH2_ENDPOINT = 'https://<openedxapp>/oauth2/access_token'
SOCIAL_AUTH_STRATEGY = 'auth_backends.strategies.EdxDjangoStrategy'
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.