appsembler / tahoe-idp

A package of tools and features for integrating Tahoe with Auth0
MIT License

Tahoe Identity Provider

A package of IdP user authentication modules designed to work in Open edX.

README NEEDS UPDATE

The readme is obsolete because this package is now using FusionAuth instead of Auth0.

0. Prerequisites

To be able to use this library, you need to have the following

0.1. Configuring the API

We need to register an API to perform user registration and to communicate with Auth0 organizations.

Your API must have the following permissions:

0.2. Configuring the Machine to Machine application

We need to integrate Auth0 with a machine-to-machine (M2M) application. This library uses the Machine to Machine application to communicate with the API we configured above, for two purposes:

This application doesn't require extra configuration.

NOTE

The Client ID and Secret of this application are going to be added to TAHOE_IDP_CONFIGS settings.

0.3. Hooking the Machine to Machine application with the API

Go to the settings page of your API. Click the Machine to Machine Applications tab and:

0.4. Create Regular Web Application

This application is the primary application our edX platform is going to use to authenticate users.

NOTE

The Client ID and Secret of this application are going to be used in the edx-platform Admin settings.

0.5. Configure the Organization

Each organization is going to be mapped to a single edx-platform organization.

0.6. Configure the Connection

Go to your tenant's Authentication > Database section, and create a custom connection for your organization.

You should be all set now.

1. Install

1.1. Production

To use this library in production, add the following to your Ansible deployment:

EDXAPP_EXTRA_REQUIREMENTS:
  - name: 'git+https://github.com/appsembler/tahoe-idp.git#egg=tahoe-idp'

1.2. Devstack

There are two ways to do this. Both methods work in Sultan and in a normal Docker setup:

1.2.1. A quick setup (not persistent).

cd /path/to/devstack
make lms-shell
pip install git+https://github.com/appsembler/tahoe-idp

1.2.2. Sultan

In your Sultan configurations file (configs/.configs.<username>), append the repo path to EDXAPP_EXTRA_REQUIREMENTS:

EDXAPP_EXTRA_REQUIREMENTS="...,https://github.com/appsembler/tahoe-idp.git,..."

Then on your host machine run the following command:

sultan instance reconfigure

NOTE

Using this method requires you to manually install python-jose==3.2.0 in the LMS shell:

$ make lms-shell
$ pip install python-jose==3.2.0  # version 3.3.0 won't work on python 3.5

2. Configure the edX app

This package follows the edx-platform plugin architecture. Check the plugins#0b4072b documentation for more info on plugins.

In your edxapp-envs/lms.yml:

EDXAPP_EXTRA_REQUIREMENTS:
  - name: "tahoe-idp"

FEATURES:
    ...
    ENABLE_TAHOE_IDP: true
    ...

THIRD_PARTY_AUTH_BACKENDS: [
    "tahoe_idp.backend.TahoeIdpOAuth2"
]

TAHOE_IDP_CONFIGS:
    DOMAIN: <domain>
    API_CLIENT_ID: <client id>
    API_CLIENT_SECRET: <client secret>
...

Settings Description

Now run make dev.up, or sultan devstack up if you're using Sultan.

NOTE

You might need to restart your devstack at this point using make lms-restart
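
The following check is an added example, not code from the tahoe-idp project: it validates the lms.yml settings listed in this section before the devstack is started, catching a template that was copied without filling in the Client ID and Secret. The function name `check_tahoe_idp_settings` is hypothetical, the input is assumed to be the already-parsed YAML mapping, and the sample values are constructed.

```python
import re

# Keys and backend path exactly as shown in the README's lms.yml excerpt.
REQUIRED_KEYS = ("DOMAIN", "API_CLIENT_ID", "API_CLIENT_SECRET")
BACKEND = "tahoe_idp.backend.TahoeIdpOAuth2"
# Empty, "..." or "<something>" means the template was never filled in.
PLACEHOLDER = re.compile(r"^\s*(<[^>]*>|\.\.\.)?\s*$")


def check_tahoe_idp_settings(settings):
    """Return a list of problems in an already-parsed lms.yml mapping.

    Hypothetical helper. Messages name keys only and never echo values,
    so API_CLIENT_SECRET cannot leak into deploy logs.
    """
    problems = []
    features = settings.get("FEATURES") or {}
    backends = settings.get("THIRD_PARTY_AUTH_BACKENDS") or []
    configs = settings.get("TAHOE_IDP_CONFIGS") or {}

    if features.get("ENABLE_TAHOE_IDP") is not True:
        problems.append("FEATURES.ENABLE_TAHOE_IDP is not true")
    if BACKEND not in backends:
        problems.append("THIRD_PARTY_AUTH_BACKENDS lacks " + BACKEND)
    for key in REQUIRED_KEYS:
        value = configs.get(key)
        if not isinstance(value, str) or PLACEHOLDER.match(value):
            problems.append("TAHOE_IDP_CONFIGS.%s is missing or a placeholder" % key)
    return problems


# Constructed sample: the README template copied without filling it in.
TEMPLATE = {
    "FEATURES": {"ENABLE_TAHOE_IDP": True},
    "THIRD_PARTY_AUTH_BACKENDS": [BACKEND],
    "TAHOE_IDP_CONFIGS": {"DOMAIN": "<domain>", "API_CLIENT_ID": "<client id>",
                          "API_CLIENT_SECRET": "<client secret>"},
}
# Constructed sample: filled in, but the feature flag was left off.
FLAG_OFF = {
    "FEATURES": {"ENABLE_TAHOE_IDP": False},
    "THIRD_PARTY_AUTH_BACKENDS": [BACKEND],
    "TAHOE_IDP_CONFIGS": {"DOMAIN": "idp.example.test", "API_CLIENT_ID": "constructed-id",
                          "API_CLIENT_SECRET": "constructed-secret"},
}

if __name__ == "__main__":
    for name, sample in (("TEMPLATE", TEMPLATE), ("FLAG_OFF", FLAG_OFF)):
        print(name, check_tahoe_idp_settings(sample))
```
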

3. Admin Panel Configurations

At this stage, the library is hooked into Open edX. To finalize the setup, you need to add some additional configurations in your LMS admin panel.

NOTE

Using these scopes will make sure edX Platform can read the user's email and profile from Auth0.

4. Auth0's Django tutorial

The implementation in this project was based on Auth0's Django tutorial here: https://auth0.com/docs/quickstart/webapp/django/01-login#configure-auth0