Aiakos is an OpenID Connect server that supports both local and federated authentication. It's meant to be used as a single, centralized gateway to all your services, so that you can manage your users in a single place, they can benefit from Single Sign-On, and your apps don't need to worry about authentication.

Users can log in using login and password.

Users can log in using external, standards-compliant OpenID Providers (like Google). Aiakos also supports some legacy (non-OIDC) OAuth2 servers, like GitHub and GitLab.

TODO We're going to support TOTP.

Currently, this repo contains multiple packages; they'll get split into multiple repos when the project matures.

• django_profile_oidc (Python 3.x) - User profile containing standard OIDC user info
• django_extauth (Python 3.x) - Federated authentication support for Django, based on openid_connect library.
• aiakos.openid_provider (Python 3.x) - OAuth 2 + OIDC Provider library

Any standards-compliant OpenID Connect library may be used.

We also provide our own client libraries:

• openid-connect (Python 2.7/3.x) - Low-level Python OIDC Client library + wrappers for legacy protocols
• django-auth-oidc (Python 2.7/3.x) - Django authentication module for authentication using only a single OpenID Provider

The recommended way to deploy aiakos is to use the official docker container - aiakos/aiakos.

Aiakos is using dj12 for twelve-factor configuration support.

See dj12 usage for a list of supported options. Note that we are not using cache right now.

• HOME_URL (optional) - URL to redirect to when a logged in user accesses /; by default he'll get redirected to the app list view
• BOOTSTRAP_THEME_URL (optional) - Bootstrap theme to use, you can find many free ones at bootswatch.com
• BOOTSTRAP_THEME_INTEGRITY (optional) - Integrity checksum of the Bootstrap theme

Use django-admin migrate to set up / update the database.

Use django-admin createsuperuser to create first user account.

TODO Automatically create root:root user account as a migration.

$ heroku create
$ git push heroku master

$ heroku run python -m aiakos migrate
$ heroku run python -m aiakos creatersakey
$ heroku run python -m aiakos createsuperuser
$ heroku open

OpenID Clients and external OpenID Providers can be configured in the Django admin panel - available at /admin.

You can find an example client in the example-client-django repo.

Please set up a git hook that'll automatically enforce project's style:

git config core.hooksPath githooks/

Aiakos is dual-licenced; you may choose the terms of the MIT License or the BSD 2-Clause License.