Aiakos is an OpenID Connect server that supports both local and federated authentication. It's meant to be used as a single, centralized gateway to all your services, so that you can manage your users in a single place, they can benefit from Single Sign-On, and your apps don't need to worry about authentication.
Users can log in using login and password.
Users can log in using external, standards-compliant OpenID Providers (like Google). Aiakos also supports some legacy (non-OIDC) OAuth2 servers, like GitHub and GitLab.
TODO We're going to support TOTP.
Currently, this repo contains multiple packages; they'll get split into multiple repos when the project matures.
- django_profile_oidc (Python 3.x) - User profile containing standard OIDC user info
- django_extauth (Python 3.x) - Federated authentication support for Django, based on openid_connect library.
- aiakos.openid_provider (Python 3.x) - OAuth 2 + OIDC Provider library
Any standards-compliant OpenID Connect library may be used.
We also provide our own client libraries:
- openid-connect (Python 2.7/3.x) - Low-level Python OIDC Client library + wrappers for legacy protocols
- django-auth-oidc (Python 2.7/3.x) - Django authentication module for authentication using only a single OpenID Provider
The recommended way to deploy aiakos is to use the official docker container - aiakos/aiakos.
Aiakos is using dj12 for twelve-factor configuration support.
See dj12 usage for a list of supported options. Note that we are not using cache right now.
- HOME_URL (optional) - URL to redirect to when a logged in user accesses /; by default he'll get redirected to the app list view
- BOOTSTRAP_THEME_URL (optional) - Bootstrap theme to use, you can find many free ones at bootswatch.com
- BOOTSTRAP_THEME_INTEGRITY (optional) - Integrity checksum of the Bootstrap theme
Use django-admin migrate
to set up / update the database.
Use django-admin createsuperuser
to create first user account.
TODO Automatically create root:root user account as a migration.
$ heroku create
$ git push heroku master
$ heroku run python -m aiakos migrate
$ heroku run python -m aiakos creatersakey
$ heroku run python -m aiakos createsuperuser
$ heroku open
OpenID Clients and external OpenID Providers can be configured in the Django admin panel - available at /admin.
You can find an example client in the example-client-django repo.
Please set up a git hook that'll automatically enforce project's style:
git config core.hooksPath githooks/
Aiakos is dual-licenced; you may choose the terms of the MIT License or the BSD 2-Clause License.