python-dataporten-auth

python-dataporten-auth

Dataporten_ is an authentication, authorization and API platform for higher and lower education and research in Norway. Dataporten offers authentication of users to applications using OAuth 2.0 and the OpenID Connect.

Dataporten-auth is a client for dataporten that depends on social-auth-core_.

This library is not compatible with the pre-refactor python-social-auth_, see any version prior to 2.0.x for that. Furthermore, this is now a Python 3 based project; No attempts have been made to make it backwards compatible with Python 2.

If you are using the previous incarnation of python-dataporten-auth: dataporten-auth, see Upgrading from dataporten-auth_.

Installation

Install with pip install python-dataporten-auth or by downloading the source and running setup.py.

Usage

Set up an application at Dataporten ...................................

There needs to exist an entry for your site/app at dataporten. Log in to dataporten's dashboard_ and create an application. The entry needs one or more redirect uris.

You can have several redirect-uris, and you will be needing at least one per plugin used.

The redirect uri is of the form <type>://<domainpath>/<suffix>/, where <type> is one of http or https, <domainpath> is the domain name of your site and an optional path, and the <suffix> is plugin-dependent. See the examples under Plugins.

Set up your site ................

You'll need to set the client id and client secret generated by Dataporten in the settings of your app/site.

Both the name of the settings and the redirect uris depend on the plugins used. Add at least one of the plugins below.

See social's documentation_ for more.

Django ......

In your settings.py:

• Add 'social_django' to INSTALLED_APPS.
• Add one or more of the plugin names below to the start of AUTHENTICATION_BACKENDS. If you're also using user-models à la Django, 'django.contrib.auth.backends.ModelBackend' must be in the same list, following the plugins.
• Set SOCIAL_AUTH_DATAPORTEN_FEIDE_SSL_PROTOCOL to True to use SSL. * SOCIAL_AUTH_LOGIN_REDIRECT_URL, SOCIAL_AUTH_NEW_USER_REDIRECT_URL and SOCIAL_AUTH_REDIRECT_IS_HTTPS will have to be set depending on the needs of your site.
• If you use the Django admin, you might want to set SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS, for instance to ['username', 'email'].

Also see the settings in src\demosite\settings.py in the source.

In your site's urls.py, include:

url(PREFIX, include('social_django.urls', namespace='social')),

... where PREFIX is a string to start off the urls with. Empty string, '', is fine.

Upgrading from dataporten-auth

See PSA's official migration document_, here follows a summary.

• Install python-social-auth version 0.2.21.

• Run migrations.

• Uninstall dataporten-auth

• Install python-dataporten-auth.

• Install social-auth-app-django.

• In your urls.py rename 'social.apps.django_app.urls' to 'social_django.urls'.

• In your settings.py, in this order:

• Rename 'social.apps.django_app.default' to 'social_django'.

• Replace all mentions of 'social.*' with 'social_core.*'.

• Replace all mentions of psa with social.

• Run migrations for social_django.

• Uninstall python-social-auth.

Plugins

dataporten.social.DataportenOAuth2 ..................................

Plugin name dataporten.social.DataportenOAuth2

Settings Client id: SOCIAL_AUTH_DATAPORTEN_KEY

Client secret: ``SOCIAL_AUTH_DATAPORTEN_SECRET``

Scopes needed userid and profile, this is the default.

Username generated: Unique, alphanumeric string. You might want to let users change this generated username. The plugin only cares that a username exists and won't change the username back.

Redirect-uri ends with /complete/dataporten/

Example redirect uri: http://127.0.0.1/complete/dataporten/

dataporten.social.DataportenEmailOAuth2 .......................................

Plugin name dataporten.social.DataportenEmailOAuth2

Settings Client id: SOCIAL_AUTH_DATAPORTEN_EMAIL_KEY

Client secret: ``SOCIAL_AUTH_DATAPORTEN_EMAIL_SECRET``

Scopes needed email, this must be explicitly allowed in the dashboard.

Username generated: From email-address

Redirect-uri ends with /complete/dataporten_email/

Example redirect uri: https://supersites.example.net/mysite/complete/dataporten_email/

dataporten.social.DataportenFeideOAuth2 .......................................

Plugin name dataporten.social.DataportenFeideOAuth2

Settings Client id: SOCIAL_AUTH_DATAPORTEN_FEIDE_KEY

Client secret: ``SOCIAL_AUTH_DATAPORTEN_FEIDE_SECRET``

Scopes needed userid-feide, this must be explicitly allowed in the dashboard.

Username generated: From the Feide attribute eduPersonPrincipalName, which looks like an email address.

Redirect-uri ends with /complete/dataporten_feide/

Example redirect uri: https://example.com/cheatsheet/complete/dataporten_feide/

Demo

The Demo needs Django 1.8 or newer.

• Get the source code
• Install dependencies: pip install -r requirements/demo.txt
• Make an application at dataporten
• Edit the settings-file to set SOCIAL_AUTH_DATAPORTEN_KEY and SOCIAL_AUTH_DATAPORTEN_SECRET
• Set three redirect-uris, all starting with http://127.0.0.1:8000
• Run python mange.py runserver
• Visit http://127.0.0.1:8000 in a fresh browser. Log out doesn't work (yet), so to reset, delete the file db.sqlite3 and run python mange.py runserver again

Optionally, you can add other social plugins as well.

.. _Dataporten: https://docs.dataporten.no/ .. _social-auth-core: https://python-social-auth.readthedocs.io/en/latest/ .. _dataporten's dashboard: https://dashboard.dataporten.no/ .. _social's documentation: https://python-social-auth.readthedocs.io/en/latest/ .. _python-social-auth: https://pypi.python.org/pypi/python-social-auth .. _PSA's official migration document: https://github.com/omab/python-social-auth/blob/master/MIGRATING_TO_SOCIAL.md

:Version: 2.0.0