2015-01-13 04:34:13 +00:00
|
|
|
|
|
|
|
|
|
.. image:: http://s1.postimg.org/qcm2dtr6n/title.png
|
|
|
|
|
####################################################
|
2014-12-19 15:27:43 +00:00
|
|
|
|
|
2015-01-08 20:55:24 +00:00
|
|
|
|
**This project is in ALFA version and is rapidly changing. DO NOT USE IT FOR PRODUCTION SITES.**
|
|
|
|
|
|
2015-01-05 20:32:58 +00:00
|
|
|
|
Important things that you should know:
|
|
|
|
|
|
2015-01-05 20:40:40 +00:00
|
|
|
|
- Although OpenID was built on top of OAuth2, this isn't an OAuth2 server. Maybe in a future it will be.
|
2015-01-09 00:25:52 +00:00
|
|
|
|
- This cover ``authorization_code`` flow and ``implicit`` flow, NO support for ``hybrid`` flow at this moment.
|
2015-01-05 20:40:40 +00:00
|
|
|
|
- Only support for requesting Claims using Scope Values.
|
2015-01-05 20:32:58 +00:00
|
|
|
|
|
2014-12-19 15:27:43 +00:00
|
|
|
|
************
|
|
|
|
|
Installation
|
|
|
|
|
************
|
|
|
|
|
|
|
|
|
|
Install the package using pip.
|
|
|
|
|
|
2014-12-19 15:59:11 +00:00
|
|
|
|
.. code:: bash
|
|
|
|
|
|
2015-01-05 20:32:58 +00:00
|
|
|
|
pip install https://github.com/juanifioren/django-openid-provider/archive/master.zip
|
2014-12-19 15:59:11 +00:00
|
|
|
|
|
|
|
|
|
|
2015-01-09 00:25:52 +00:00
|
|
|
|
Add it to your apps.
|
2014-12-19 15:27:43 +00:00
|
|
|
|
|
|
|
|
|
.. code:: python
|
|
|
|
|
|
|
|
|
|
INSTALLED_APPS = (
|
|
|
|
|
'django.contrib.admin',
|
|
|
|
|
'django.contrib.auth',
|
|
|
|
|
'django.contrib.contenttypes',
|
|
|
|
|
'django.contrib.sessions',
|
|
|
|
|
'django.contrib.messages',
|
|
|
|
|
'django.contrib.staticfiles',
|
|
|
|
|
'openid_provider',
|
|
|
|
|
# ...
|
|
|
|
|
)
|
|
|
|
|
|
2015-01-09 00:25:52 +00:00
|
|
|
|
Add the provider urls.
|
2014-12-19 15:27:43 +00:00
|
|
|
|
|
|
|
|
|
.. code:: python
|
|
|
|
|
|
|
|
|
|
urlpatterns = patterns('',
|
|
|
|
|
# ...
|
|
|
|
|
url(r'^openid/', include('openid_provider.urls', namespace='openid_provider')),
|
|
|
|
|
# ...
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
Finally, add a login view and ensure that has the same url defined in `LOGIN_URL` setting.
|
|
|
|
|
|
|
|
|
|
See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url
|
|
|
|
|
|
|
|
|
|
********************
|
|
|
|
|
Create User & Client
|
|
|
|
|
********************
|
|
|
|
|
|
|
|
|
|
First of all, we need to create a user: ``python manage.py createsuperuser``.
|
|
|
|
|
|
|
|
|
|
Then let's create a Client. Start django shell: ``python manage.py shell``.
|
|
|
|
|
|
|
|
|
|
.. code:: python
|
|
|
|
|
|
|
|
|
|
>>> from openid_provider.models import Client
|
2015-01-15 19:29:19 +00:00
|
|
|
|
>>> c = Client(name='Some Client', client_id='123', client_secret='456', client_type='confidential', response_type='code', redirect_uris=['http://example.com/'])
|
2014-12-19 15:27:43 +00:00
|
|
|
|
>>> c.save()
|
|
|
|
|
|
|
|
|
|
*******************
|
|
|
|
|
/authorize endpoint
|
|
|
|
|
*******************
|
|
|
|
|
|
2015-01-09 00:25:52 +00:00
|
|
|
|
Example of an OpenID Authentication Request using the ´´Authorization Code´´ flow.
|
|
|
|
|
|
2014-12-19 15:27:43 +00:00
|
|
|
|
.. code:: curl
|
|
|
|
|
|
|
|
|
|
GET /openid/authorize?client_id=123&redirect_uri=http%3A%2F%2Fexample.com%2F&response_type=code&scope=openid%20profile%20email&state=abcdefgh HTTP/1.1
|
|
|
|
|
Host: localhost:8000
|
|
|
|
|
Cache-Control: no-cache
|
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
|
|
|
|
|
|
****
|
|
|
|
|
Code
|
|
|
|
|
****
|
|
|
|
|
|
|
|
|
|
After the user accepts and authorizes the client application, the server redirects to:
|
|
|
|
|
|
|
|
|
|
.. code:: curl
|
|
|
|
|
|
|
|
|
|
http://example.com/?code=5fb3b172913448acadce6b011af1e75e&state=abcdefgh
|
|
|
|
|
|
|
|
|
|
We extract the ``code`` param and use it to obtain access token.
|
|
|
|
|
|
|
|
|
|
***************
|
|
|
|
|
/token endpoint
|
|
|
|
|
***************
|
|
|
|
|
|
|
|
|
|
.. code:: curl
|
|
|
|
|
|
|
|
|
|
POST /openid/token/ HTTP/1.1
|
|
|
|
|
Host: localhost:8000
|
|
|
|
|
Cache-Control: no-cache
|
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
|
|
|
|
|
|
client_id=123&client_secret=456&redirect_uri=http%253A%252F%252Fexample.com%252F&grant_type=authorization_code&code=[CODE]&state=abcdefgh
|
|
|
|
|
|
|
|
|
|
******************
|
|
|
|
|
/userinfo endpoint
|
|
|
|
|
******************
|
|
|
|
|
|
|
|
|
|
.. code:: curl
|
|
|
|
|
|
|
|
|
|
POST /openid/userinfo/ HTTP/1.1
|
|
|
|
|
Host: localhost:8000
|
|
|
|
|
Authorization: Bearer [ACCESS_TOKEN]
|