search

mediacms-io / mediacms

MediaCMS is a modern, fully featured open source video and media CMS, written in Python/Django and React, featuring a REST API.
https://mediacms.io
GNU Affero General Public License v3.0
2.52k stars 458 forks source link

Django Allauth Social Accounts / OpenID Connect not working #1028

Closed makerduck closed 1 month ago

makerduck commented 1 month ago

Describe the issue I tried to add a social login with django allauth more precisely a socialaccount with openid_connect as the provider. Authentik is my IdP and I successfully setup up a social login in another django based service (Tandoor). My understanding is that mediacms already uses allauth so it should be fairly straight forward to add a social login. (As found in #192)

To Reproduce Steps to reproduce the issue:

  1. download a new install of mediacms
  2. add "allauth.socialaccount.providers.openid_connect" to deploy/docker/local_settings.py for overriding settings.py: 
    INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"allauth",
"allauth.account",
"allauth.socialaccount",
"allauth.socialaccount.providers.openid_connect",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"django.contrib.sites",
"rest_framework",
"rest_framework.authtoken",
"imagekit",
"files.apps.FilesConfig",
"users.apps.UsersConfig",
"actions.apps.ActionsConfig",
"debug_toolbar",
"mptt",
"crispy_forms",
"uploader.apps.UploaderConfig",
"djcelery_email",
"ckeditor",
"drf_yasg",
]
  3. add SOCIALACCOUNT_PROVIDERS to /deploy/docker/local_settings.py: 
    SOCIALACCOUNT_PROVIDERS = {
"openid_connect": {
    "APPS": [
        {
            "provider_id": "authentik",
            "name": "Something Login",
            "client_id": "XXXXX",
            "secret": "XXXXX",
            "settings": {
                "server_url": "https://sso.domain.com/application/o/video/",
            },
        },
    ]
}
}
  4. docker-compose up
  5. everything starts up normally but theres no sign that the added lines affected anything

Expected behavior Loginpage should have a extra button for the external authentication over openidconnect as the provider is "hardcoded". Even if the initial socialaccount_provider setup failed there should be a dropdown menu in the django administration panel under "Social Applications" -> "Add social application" -> "Provider" with the option to use the enabled openidconnect.

Screenshots How the "Add social application" provider section should look like: grafik

Environment (please complete the following information):

Additional context As read in #711 I'm not so sure anymore if this should work at all? Has anyone successfully used allauth with external authentication with mediacms or has any idea for what I'm doing wrong or should look into to get this working?

Thanks a lot!

makerduck commented 1 month ago

After more testing turns out mediacms is currently build with an older version of allauth and does not support openid connect. Couldn't figure out how to update allauth on my own. So at the moment its not easily possible to integrate any external authentification.