The OneLoginOIDC Oauth backend is not compatible with the latest version of social-auth-core #881
Comments
@ezrajrice my impression from the brief look that we took at this is that we don't need to switch from
To clarify, we need to subclass the OIDC backend to implement a OneLogin-specific backend. However, with some of the changes to the OIDC backend in the newest version, we may be close to being able to implement it without overriding any of the methods (i.e., configuration). That said, once we get it working, we ought to submit the OneLogin as an official backend.
I FIGURED IT OUT! In portal_config.yml, we need to add the SOCIAL_AUTH_ONELOGIN_OIDC_TOKEN_ENDPOINT_AUTH_METHOD setting for OneLogin. Below is the example for the single tenant configuration. The same process would be used for multi-tenant configuration, but you'd have to add it for each tenant. This setting defaults to GET if it isn't included. I just need to update the documentation so that this setting matches how the admin configured the SSO and then we can remove the custom method overrides for settings:
...
OAUTH_CONFIG:
  SOCIAL_AUTH_ONELOGIN_OIDC_KEY: <sso_key>
  SOCIAL_AUTH_ONELOGIN_OIDC_SECRET: <sso_secret>
  SOCIAL_AUTH_ONELOGIN_OIDC_SUBDOMAIN: https://example.onelogin.com
  SOCIAL_AUTH_ONELOGIN_OIDC_TOKEN_ENDPOINT_AUTH_METHOD: POST
Excellent @ezrajrice. Thank you for digging in on this issue. Will you prepare a PR with the needed doc changes?
@swainn Yeah, I'll get that in this week.
@ezrajrice any progress on this?
@swainn yeah, sorry, just trying to set up the upstream and rebase, then I still need to update the docs. Question though, how does the
Good question. I believe you can set arbitrary keys just like you can at the top level. Give it a try and let me know if it works.
Hey @ezrajrice we're likely releasing 4.2 next week, do you want to try to get this fix in for that? |
From @ezrajrice
OS: Ubuntu 22.04
After updating social-auth-core from version 4.0.2 to 4.3.0, I was able to update pyjwt from 1.7.0 to 2.6.0.
I am using OneLogin MultiTenant configuration for this test and I am getting an error shown below. Not sure what's going on. I'm fairly sure I have it configured in the same way as a working config. The only difference is me trying to use the localhost redirect URLs. Also, I checked the OneLogin logs and they show successful login to the dev app. It seems to me that there is something on the Tethys side blocking the final authentication.
See discussion in #880