
Python social auth

Petri Riihikallio edited this page Aug 22, 2021 · 11 revisions

WebMark doesn't store any passwords for security reasons. Authentication is done by other services using OAuth2 and implemented with Python Social Auth. The required configuration is at the end of settings.py.

To make it work, you need to register WebMark with every authentication provider you want to support. Currently ORCiD, Google and Facebook are supported. The keys and secrets are in the .env file on the staging server. However, do not use those for development!! Set up a new registration, at least with Google, for local development and testing. Put this key and secret in your local .env file. You can share this file with fellow developers, but do not post it on GitHub (you'd look clueless). For development you only need one registered authentication provider.
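
As an added illustration (not WebMark's actual settings.py), the sketch below shows one way to turn a local .env file into Python Social Auth settings, enabling only the providers that have both a key and a secret and refusing to start when none is configured. It assumes a Django project; the .env variable names (`GOOGLE_KEY`, `GOOGLE_SECRET`, ...) and the helper names are hypothetical, while the `SOCIAL_AUTH_*` setting names and backend paths are those of Python Social Auth.

```python
# Added example, not WebMark's settings.py. The .env variable names are assumptions.
PROVIDERS = {
    # .env prefix -> (Python Social Auth setting prefix, backend path)
    "GOOGLE": ("SOCIAL_AUTH_GOOGLE_OAUTH2", "social_core.backends.google.GoogleOAuth2"),
    "FACEBOOK": ("SOCIAL_AUTH_FACEBOOK", "social_core.backends.facebook.FacebookOAuth2"),
    "ORCID": ("SOCIAL_AUTH_ORCID", "social_core.backends.orcid.ORCIDOAuth2"),
}


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments, strip quotes."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def social_auth_settings(env):
    """Build settings for every provider that has both key and secret."""
    settings = {"AUTHENTICATION_BACKENDS": []}
    for name, (prefix, backend) in PROVIDERS.items():
        key, secret = env.get(f"{name}_KEY"), env.get(f"{name}_SECRET")
        if bool(key) != bool(secret):
            # A half-configured provider fails at login time; fail at startup instead.
            raise ValueError(f"{name}: key and secret must be set together")
        if key:
            settings[f"{prefix}_KEY"] = key
            settings[f"{prefix}_SECRET"] = secret
            settings["AUTHENTICATION_BACKENDS"].append(backend)
    if not settings["AUTHENTICATION_BACKENDS"]:
        raise ValueError("no authentication provider configured in .env")
    return settings


# Constructed sample .env for local development (placeholder values only).
SAMPLE_ENV = """
# local development registration
GOOGLE_KEY=placeholder-client-id.apps.googleusercontent.com
GOOGLE_SECRET="placeholder-secret"
"""

if __name__ == "__main__":
    for k, v in social_auth_settings(parse_env(SAMPLE_ENV)).items():
        # Never echo secrets to the console or logs.
        print(k, "=", "***" if k.endswith("_SECRET") else v)
```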

Google

Setting up Google OAuth requires several steps. However, it is good for development use since you can point it to localhost using http (sans TLS). This will guide you through the required fields:

  1. Log in to the Google Developer Dashboard. You may need to promote your Google ID to a developer ID.
  2. Set up the OAuth consent screen first:
    1. User-Type: External
    2. App name: QuantMark
    3. User support email: youremail@gmail.com
    4. Application home page: https://ohtup-staging.cs.helsinki.fi/qleader/
    5. Authorized domains: helsinki.fi
    6. Developer contact information: youremail@helsinki.fi
    7. Click Save and continue
    8. Add scopes:
      • ../auth/userinfo.email
      • ../auth/userinfo.profile
      • openid
    9. Click Save and continue
    10. Add your own and your development team members' Google IDs
  3. Set up Credentials next:
    1. Click on Create credentials > OAuth Client ID
    2. Application type: Web application
    3. Name: QuantMark
    4. Authorized redirect URIs:
    5. Click Create and copy the Client ID and secret to your .env.

In case you inadvertently publish the credentials, you can always reset the secret by clicking the OAuth 2.0 Client ID name on the Credentials page and clicking RESET SECRET at the top of the page. Just remember to copy the new secret to your .env and restart your server.
