This repository has been archived by the owner on Apr 13, 2018. It is now read-only.
id.data.gouv.fr (public archive)
forked from CommonsDev/sso

Django-based SSO *not* deployed on the corresponding domain *yet*


etalab/id.data.gouv.fr


Single-Sign-On Authentication Provider

This project is an SSO authentication provider (identity provider, IdP). It uses OAuth 2.0 for authorization-token exchanges, and relying applications use those same exchanges to authenticate their users against it.

It is based on Django 1.10. Django 1.10 supports Python 3.4 and 3.5 (and 2.7); the original README states Python 3.2+, but those versions are not supported by Django 1.10 itself. Note that this repository is archived and Django 1.10 no longer receives security fixes, so do not deploy it as-is without updating the dependencies.

Pre-requirements

  • Python 3 (3.4 or later; see the note on Django 1.10 above)
  • git
  • pip for Python 3.

Installation

  1. Download the sources:
git clone git@github.com:CommonsDev/sso.git
  2. Make a virtualenv, either with virtualenvwrapper's mkvirtualenv or with the more basic venv module:
python3 -m venv ./venv
source ./venv/bin/activate
  3. Install dependencies:

In production

pip install -r ./sso/requirements.txt

Or in development

pip install -r ./sso/requirements_local.txt
  4. Configure your private settings:
cp ./sso/core/settings/private.py{.sample,}

(The {.sample,} form is bash brace expansion; in a plain sh, write both paths out.) Then customize ./sso/core/settings/private.py. This file holds the secrets specific to your instance; keep it out of version control.

  5. Initialize the database (and the assets):

In production

mkdir ../data && chmod a+rw ../data
./manage.py migrate --settings=core.settings.prod
./manage.py collectstatic --settings=core.settings.prod

As the project uses sqlite3, the data directory itself and the sqlite file inside it must be writable by the web server. Be aware that chmod a+rw makes the directory writable by every local user; on a shared host, prefer giving ownership to the web server's user (chown) with a mode such as 0750 rather than leaving it world-writable.

Or in a development environment

./manage.py migrate

Configuration

Customize core/settings/prod.py to your deployment.

In particular, set ALLOWED_HOSTS to the hostnames the service is reached under: Django answers any request whose Host header is not listed with an HTTP 400 error. That check is what protects against Host-header attacks, so list the real hostnames rather than working around it with a wildcard.

Running the project

./manage.py runserver

runserver is Django's development server and is not meant for production; there, serve the WSGI application from a real application server behind your web server.

Using the web interface authentication

  1. Create a superuser: ./manage.py createsuperuser.

  2. Go to http://localhost:8000/ and log in.

  3. Go to http://localhost:8000/oauth/applications/register/ to create a new application with the "confidential" client type and the "authorization code" authorization grant type. Enter your redirect URI(s), i.e. the URIs that will receive the authorization code.

  4. Go to http://localhost:8000/oauth/authorize/?client_id=MY_CLIENT_ID&response_type=code. Replace MY_CLIENT_ID with the client_id provided in the previous step. You should be prompted to authorize the application you created to access your SSO account, then be redirected to the URI you registered, with an authorization code in the code query parameter. That code is single-use and short-lived, and it is not an access token: the application must exchange it at http://localhost:8000/oauth/token/ (grant_type=authorization_code, authenticating with its client_id and client_secret) to obtain one.

Using the OAuth API authentication

Example with the client credentials grant.

  1. Register your app (http://localhost:8000/oauth/applications/register/) with "client credentials" as grant type and "confidential" as client type.

  2. Open a client for querying the API (here using HTTPie):

http --auth MY_CLIENT_ID:MY_CLIENT_SECRET -f http://localhost:8000/oauth/token/ grant_type=client_credentials

Replace "MY_CLIENT_ID" and "MY_CLIENT_SECRET" with the values shown when you registered your app. The --auth flag sends them as HTTP Basic authentication, so outside local development this request must only ever go over HTTPS.

You should get a JSON response containing an access token like the following (expires_in is in seconds):

{
  "access_token": "4cb7pw6aElBGTpGVeCv9a3m7Yver3r",
  "expires_in": 36000,
  "scope": "write read",
  "token_type": "Bearer"
}
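The two flows above (the authorization-code flow of the web-interface section and the client-credentials flow of the API section) as one small OAuth 2.0 client. This is an added example written for this README, not code from the etalab or CommonsDev project. It assumes only the endpoints the README names (/oauth/authorize/ and /oauth/token/ on the dev server) and the client_id/client_secret pair from the registration page; the redirect URI http://localhost:9000/cb, the code value CODE123 and the fake_sso transport are constructed so the example runs offline.

```python
"""Minimal OAuth 2.0 client for the SSO described in this README (added example)."""
import base64
import json
import secrets
import urllib.parse
import urllib.request

# Endpoints named in the README (dev server). Assumed for the example.
SSO_BASE = "http://localhost:8000"
AUTHORIZE_URL = SSO_BASE + "/oauth/authorize/"
TOKEN_URL = SSO_BASE + "/oauth/token/"


def build_authorize_url(client_id, redirect_uri, state):
    """Authorization-code flow, step 1: the URL the user's browser is sent to.
    `state` is an unguessable per-login value tying the callback to this session."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: pull the code out of the redirect, rejecting forged or failed callbacks."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this callback was not started by us")
    if "error" in query:
        raise ValueError("authorization refused: " + query["error"][0])
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def basic_auth_header(client_id, client_secret):
    """HTTP Basic client authentication, the same thing HTTPie's --auth sends."""
    raw = (client_id + ":" + client_secret).encode()
    return "Basic " + base64.b64encode(raw).decode()


def token_request(grant_type, client_id, client_secret, **params):
    """Build the POST to /oauth/token/ as (url, headers, form-encoded body)."""
    body = urllib.parse.urlencode({"grant_type": grant_type, **params}).encode()
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return TOKEN_URL, headers, body


def _http_post(url, headers, body):
    """Real transport, used only when no stand-in is supplied."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


def fetch_token(grant_type, client_id, client_secret, transport=_http_post, **params):
    """Step 3 (or the whole client-credentials flow): trade credentials for a token."""
    url, headers, body = token_request(grant_type, client_id, client_secret, **params)
    token = json.loads(transport(url, headers, body))
    if "error" in token:
        raise ValueError("token endpoint error: " + token["error"])
    if token.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % token.get("token_type"))
    return token


def fake_sso(url, headers, body):
    """Constructed stand-in for the SSO token endpoint so the example runs offline."""
    form = urllib.parse.parse_qs(body.decode())
    if headers.get("Authorization") != basic_auth_header("MY_CLIENT_ID", "MY_CLIENT_SECRET"):
        return json.dumps({"error": "invalid_client"})
    if form["grant_type"] == ["client_credentials"]:
        return json.dumps({"access_token": "4cb7pw6aElBGTpGVeCv9a3m7Yver3r",
                           "expires_in": 36000, "scope": "write read",
                           "token_type": "Bearer"})
    if form["grant_type"] == ["authorization_code"] and form.get("code") == ["CODE123"]:
        return json.dumps({"access_token": "user-access-token", "refresh_token": "user-refresh",
                           "expires_in": 36000, "scope": "write read",
                           "token_type": "Bearer"})
    return json.dumps({"error": "invalid_grant"})


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("MY_CLIENT_ID", "http://localhost:9000/cb", state))
    # After the user logs in and consents, the SSO redirects the browser back, e.g.:
    callback = "http://localhost:9000/cb?code=CODE123&state=" + state
    code = parse_callback(callback, state)
    user = fetch_token("authorization_code", "MY_CLIENT_ID", "MY_CLIENT_SECRET",
                       transport=fake_sso, code=code, redirect_uri="http://localhost:9000/cb")
    print("user token:", user["access_token"])
    app = fetch_token("client_credentials", "MY_CLIENT_ID", "MY_CLIENT_SECRET",
                      transport=fake_sso)
    print("app token:", app["access_token"], "scope:", app["scope"])
```

To talk to the real dev server, drop the transport argument so fetch_token uses urllib. The state check in parse_callback is the part most tutorials omit: without it an attacker can deliver their own authorization code to the victim's callback and log the victim into the attacker's account. The client_secret travels in the Basic header, which is why the token endpoint must be reached over HTTPS anywhere but localhost.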

Technical details

It is based on these third-party libraries: django-registration and django-oauth-toolkit (the oauth2_provider app). Both are wrapped and overridden by the project's own register and oauth apps.
