![License](https://img.shields.io/pypi/l/iitb-oauth.svg)
Django Oauth2 Client to authenticate using IIT Bombay gymkhana SSO
A small package for LDAP authentication using IIT Bombay gymkhana SSO.
Motivation
SSO can be a tricky thing to setup and bugs can be time consuming to debug. With people moving away from PHP to Django and node, this module can be used to quickly define custom callbacks that map the user details obtained from IIT Bombay gymkhana SSO to your Django user model. You get a quick and easy way to programatically create users once they are authenticated.
Setting up in your app
For using this Django app, the following steps must be done:
INSTALLED_APPS = [
'iitb_oauth'
]
AUTHENTICATION_BACKENDS = [
'iitb_oauth.backend.OauthBackend'
]
Step 2: Add the oauth urls to the root website:
urlpatterns = [
url(r'', include('iitb_oauth.urls')),
]
Step 3: Add the LOGIN_URL and corresponding OAUTH config settings for your application.
Also add the FALLBACK_URL
as a fallback in case OAuth authentication fails. Example:
AUTH_PROFILE_MODULE = ""
LOGIN_URL = "/login/"
FALLBACK_URL = "/"
CLIENT_ID = 'my-id'
CLIENT_SECRET = '<secret>'
SCOPE = 'ldap'
FIELDS = 'username'
REDIRECT_URI = '<app_redirect_url>'
LOGIN_COMPLETE_REDIRECT = '/some/url/in/your/app'
LOGOUT_REDIRECT = '/'
MAPPINGS = {
"first_name": "first_name",
"last_name": "last_name"
}
PROFILE_MAPPING = {
"roll_number" : "roll_number"
}
Usage
Once you try to access some endpoint that has the @login_required
decorator on top of it, you'll be redirected to the login URI that you defined. The user is authenticated using IITB gymkhana SSO and any other backends you provided. Upon successful authentication the url specified in LOGIN_COMPLETE_REDIRECT
are called and the callbacks are used to shape your user into the form that you've provided. If authentication fails due to any reason or if the user does not have permission, he will be redirected to the URI specified in FALLBACK_URL
.
License
MIT