OpenConceptLab/ocl_issues#1338 | oidc settings and package

OpenConceptLab · Aug 1, 2022 · 565dd6c · 565dd6c
1 parent f32186c
commit 565dd6c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/core/settings.py b/core/settings.py
@@ -63,6 +63,7 @@
 INSTALLED_APPS = [
     'django.contrib.admin',
     'django.contrib.auth',
+    'mozilla_django_oidc',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
@@ -90,12 +91,12 @@
     'core.client_configs',
     'core.tasks',
 ]
-
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': (
         'rest_framework.permissions.IsAuthenticated',
     ),
     'DEFAULT_AUTHENTICATION_CLASSES': (
+        'mozilla_django_oidc.contrib.drf.OIDCAuthentication',
         'rest_framework.authentication.TokenAuthentication',
     ),
     'DEFAULT_RENDERER_CLASSES': (
@@ -108,6 +109,11 @@
     'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema',
     'DEFAULT_CONTENT_NEGOTIATION_CLASS': 'core.common.negotiation.OptionallyCompressContentNegotiation',
 }
+OIDC_DRF_AUTH_BACKEND = 'core.common.backends.OCLOIDCAuthenticationBackend'
+AUTHENTICATION_BACKENDS = (
+    OIDC_DRF_AUTH_BACKEND,
+)
+
 
 SWAGGER_SETTINGS = {
     'PERSIST_AUTH': True,
@@ -168,7 +174,6 @@
 
 # Database
 # https://docs.djangoproject.com/en/3.0/ref/settings/#databases
-
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql',
@@ -389,4 +394,23 @@
 # Errbit
 ERRBIT_URL = os.environ.get('ERRBIT_URL', 'http://errbit:8080')
 ERRBIT_KEY = os.environ.get('ERRBIT_KEY', 'errbit-key')
+
+# Repo Export Upload/download
 EXPORT_SERVICE = os.environ.get('EXPORT_SERVICE', 'core.common.services.S3')
+
+# keyCloak/OIDC Provider settings
+OIDC_RP_CLIENT_ID = os.environ.get('OIDC_RP_CLIENT_ID', 'ocllocal')
+OIDC_RP_CLIENT_SECRET = os.environ.get('OIDC_RP_CLIENT_SECRET', 'ZhuQY8Ps6osM3wJagmwItSuQmY2bgX3Q')
+OIDC_SERVER_URL = os.environ.get('OIDC_SERVER_URL', 'http://localhost:8080')
+OIDC_SERVER_INTERNAL_URL = os.environ.get('OIDC_SERVER_URL', 'http://host.docker.internal:8080')
+OIDC_REALM = os.environ.get('OIDC_REALM', 'ocl')
+OIDC_OP_AUTHORIZATION_ENDPOINT = f'{OIDC_SERVER_URL}/realms/{OIDC_REALM}/protocol/openid-connect/auth'
+OIDC_OP_TOKEN_ENDPOINT = f'{OIDC_SERVER_INTERNAL_URL}/realms/{OIDC_REALM}/protocol/openid-connect/token/'
+OIDC_OP_USER_ENDPOINT = f'{OIDC_SERVER_INTERNAL_URL}/realms/{OIDC_REALM}/protocol/openid-connect/userinfo/'
+OIDC_RP_SIGN_ALGO = 'RS256'
+OIDC_OP_JWKS_ENDPOINT = f'{OIDC_SERVER_INTERNAL_URL}/realms/{OIDC_REALM}/protocol/openid-connect/certs'
+OIDC_VERIFY_SSL = False
+OIDC_VERIFY_JWT = True
+OIDC_RP_SCOPES = 'openid profile email roles role_list'
+OIDC_STORE_ACCESS_TOKEN = True
+LOGIN_REDIRECT_URL = '/'
diff --git a/requirements.txt b/requirements.txt
@@ -33,3 +33,4 @@ django-request-logging==0.7.5
 django-cid==2.3
 django-dirtyfields==1.8.1
 jsonpath-ng==1.5.3
+mozilla-django-oidc==2.0.0