Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Single-Sign-On Authentication Provider

This project is an SSO Authentication (or IdP) system based on Oauth2 for authorization token exchanges (and therefore authentication also).

It is compatible with Python 3.2+ and based on Django (version 1.10).


  • Python 3 (3.2 or later)
  • git
  • pip for Python 3.


  1. Download the sources:
git clone
  1. Make a virtualenv either using virtualenvwrapper on the more basic mkvirtualenv:
python3 -m venv ./venv
source ./venv/bin/activate
  1. Install dependencies:

In production

pip install -r ./sso/requirements.txt

Or in development

pip install -r ./sso/requirements_local.txt
  1. Configure your private infos:
cp ./sso/core/settings/{.sample,}

And customize the file ./sso/core/settings/

  1. Initialize the database (and the assets):

In production

mkdir ../data && chmod a+rw ../data
./ migrate
./ collectstatic

As we are using sqlite3, the data directory itself and the sqlite file must be writable by the web-server.

Or in a development environment

./ migrate


You should customize the core/settings/ to your context.

Adapting ALLOWED_HOSTS to avoir error 400.

Running the project

./ runserver

Using the web interface authentication

  1. Create a superuser: ./ createsuperuser.

  2. Go to http://localhost:8000/ and log in.

  3. Go to http://localhost:8000/oauth/applications/register/ to create a new application with a "confidential" client type and a "authorization code" for the authorization grant type. Enter your redirect uri (URI's that will receive the authorization token).

  4. Go to localhost:8000/oauth/authorize/?client_id=MY_CLIENT_ID&response_type=code. Replace MY_CLIENT_ID with your actual client_id provided in the previous step. You should be prompted to authorize the app you created to share with your SSO, and redirected to the URI you provided, with an authorization code.

Using the OAuth API authentication

Example with a client credential.

  1. Register your app (http://localhost:8000/oauth/applications/register/) with client credentials as grant type, confidential for client type.

  2. Open a client for querying the API (here using HTTPie):

http --auth MY_CLIENT_ID:MY_CLIENT_SECRET -f http://localhost:8000/oauth/token/ grant_type=client_credentials

Replace "MY_CLIENT_ID" and "MY_CLIENT_SECRET" with these given when registering your app.

You should get a JSON response containing an access token like:

  "access_token": "4cb7pw6aElBGTpGVeCv9a3m7Yver3r",
  "expires_in": 36000,
  "scope": "write read",
  "token_type": "Bearer"

Technical details

It is based on these 3rd party libraries:

django-registration and oauth2_provider are wrapped and overridden by register and oauth apps.


No description, website, or topics provided.






No releases published


No packages published