Open thejimmyg opened 2 years ago
Found example in oidc_provider/tests.
Here's what I had to do to be able to log into the Django admin. Will add more findings here.
git clone https://github.com/peppelinux/django-oidc-op.git
cd django-oidc-op
python3 -m venv venv
. venv/bin/activate
pip install -r requirements.txt
cd oidc_provider/tests/example
ln -s ../../../oidc_provider oidc_provider
./manage.py makemigrations
./manage.py migrate
./manage.py createsuperuser
./manage.py runserver
yes, feel free to open a PR to fix this in the README
Thanks @peppelinux. I'll do some more experimenting first.
For example on macOS, run.sh fails with:
uwsgi: unrecognized option `--https'
and if you try ./manage.py runserver without the HTTPS certificates, Django admin login fails on Safari with a 403 CSRF error (but it works in Chrome).
You seem to need to re-compile uwsgi like this:
CFLAGS="-I/usr/local/opt/openssl/include" LDFLAGS="-L/usr/local/opt/openssl/lib" UWSGI_PROFILE_OVERRIDE=ssl=true pip install uwsgi -Iv
Then you can run:
uwsgi --wsgi-file example/wsgi.py --https 0.0.0.0:8000,./data/oidc_op/certs/cert.pem,./data/oidc_op/certs/key.pem -b 32768 --honour-stdin
and visit https://localhost:8000/admin/ in Safari. Once you accept the certificate it works.
You can then run the tests successfully like this:
./manage.py test oidc_provider
I also found this worked from the project root directory:
python3 snippets/rp_handler.py -c oidc_provider/tests/oidc_rp/conf.json -u test -p testami18 -iss django_provider
But I couldn't find the conf.django.yaml file for the other example mentioned in the README.md.
OK, found a copy of it in the history here:
But having tried it and adjusted port and domain it doesn't work.
I think instead you are supposed to use:
git clone https://github.com/IdentityPython/JWTConnect-Python-OidcRP.git
cd JWTConnect-Python-OidcRP/example
RP_LOGFILE_NAME="./flrp.django.log" python3 -m flask_rp.wsgi ../../django-oidc-op/oidc_provider/tests/oidc_rp/conf.json
In order to get this to work you need to edit that conf.json file and remove a trailing comma on line 267, otherwise you get an error:
json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 266 column 7 (char 6172)
Now if I choose django-provider as one of the preconfigured OpenID Connect Providers I get a bit further. I can enter my admin credentials, but it redirects to example.org which is a domain that is not set up. Perhaps that needs changing.
OK, if you apply this patch to conf.json the JWTConnect-Python-OidcRP example works:
diff --git a/oidc_provider/tests/oidc_rp/conf.json b/oidc_provider/tests/oidc_rp/conf.json
index 46b11d6..c92761c 100644
--- a/oidc_provider/tests/oidc_rp/conf.json
+++ b/oidc_provider/tests/oidc_rp/conf.json
@@ -34,7 +34,7 @@
},
"port": 8090,
"domain": "127.0.0.1",
- "base_url": "https://example.org",
+ "base_url": "https://localhost:8090",
"httpc_params": {
"verify": false
},
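Review bot: the new "base_url" uses the host localhost while the unchanged "domain" line directly above it stays at 127.0.0.1, so the RP is described with two different hosts in adjacent keys. Browser state is scoped per host, so a session started on one name is not presented on the other when the provider redirects back; suggest using the same host in "domain" and "base_url". The "verify": false context line below also deserves a short note in the README that it is only there for the self-signed test certificate.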
@@ -263,22 +263,18 @@
"token_endpoint_auth_method": [
"client_secret_basic",
"client_secret_post"
- ],
+ ]
},
"issuer": "https://127.0.0.1:8000/",
-
- # "client_id": "DBP60x3KUQfCYWZlqFaS_Q",
- # "client_secret": "8526270403788522b2444e87ea90c53bcafb984119cec92eeccc12f1",
-
"redirect_uris": [
- "https://example.org/authz_cb/django_provider"
+ "https://localhost:8090/authz_cb/django_provider"
],
"post_logout_redirect_uris": [
- "https://example.org/session_logout/django_provider"
+ "https://localhost:8090/session_logout/django_provider"
],
- "frontchannel_logout_uri": "https://example.org/fc_logout/django_provider",
+ "frontchannel_logout_uri": "https://localhost:8090/fc_logout/django_provider",
"frontchannel_logout_session_required": true,
- "backchannel_logout_uri": "https://example.org/bc_logout/django_provider",
+ "backchannel_logout_uri": "https://localhost:8090/bc_logout/django_provider",
"backchannel_logout_session_required": true,
"services": {
"discovery": {
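Review bot: the two deleted commented-out lines carry a "client_id" and "client_secret" pair, and deleting them here leaves both values in the repository history. If that client was ever registered on a provider other than a throwaway local one, rotate the secret as part of this change and mention it in the commit message. Separately, the rewritten callback and logout URIs use localhost while "issuer" in this same hunk uses 127.0.0.1; choosing one host for both sides of the test setup would make the config easier to reason about.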
@@ -323,5 +319,7 @@
"server_cert": "certs/cert.pem",
"server_key": "certs/key.pem",
"debug": true
- }
+ },
+ "port": 8090,
+ "domain": "127.0.0.1"
}
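Review bot: the added "port": 8090 and "domain": "127.0.0.1" repeat the two keys already visible as context at the top of the first hunk. If both pairs sit in the same object they are duplicate keys, which Python's json module accepts silently and resolves by keeping the last value, so a later edit to the first copy would be ignored without any error; drop one pair. If they belong to a different object, the commit message should say which component reads them.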
The tests still pass with this config, even if you rename this one so that it is enabled too:
../_test_02_oidcrp.py -> ../test_02_oidcrp.py
Just change the sleep to 5 seconds instead of 2 to give uWSGI a chance to load.
git clone https://github.com/IdentityPython/JWTConnect-Python-OidcRP.git
cd JWTConnect-Python-OidcRP/example
RP_LOGFILE_NAME="./flrp.django.log" python3 -m flask_rp.wsgi ../../django-oidc-op/oidc_provider/tests/oidc_rp/conf.json
Visit https://127.0.0.1:8090 and choose django_provider then log in with test and testami18 and you'll see this:
I'm trying to follow the example instructions, but the example folder is missing. Please could it be added?
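A lint check for the two failure modes hit in this thread (a conf.json that no longer parses, and callback URIs pointing at a host other than base_url), as an added example that is not part of the original thread or of either project. The sample config is constructed, and the "clients" nesting and the function names are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample using key names visible in the thread's conf.json.
# The "clients" nesting is an assumption; the walk below does not depend on it.
SAMPLE = """{
  "base_url": "https://localhost:8090",
  "httpc_params": {"verify": false},
  "clients": {"django_provider": {
    "issuer": "https://127.0.0.1:8000/",
    "redirect_uris": ["https://example.org/authz_cb/django_provider"],
    "frontchannel_logout_uri": "https://localhost:8090/fc_logout/django_provider"
  }}
}"""

def origin(url):
    """Scheme, host and port of a URL, the parts that must match base_url."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def walk(node, path=""):
    """Yield (path, key, value) for every object member at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}/{key}", key, value
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from walk(item, f"{path}/{index}")

def lint_rp_conf(text):
    """Return a list of findings for an RP configuration given as JSON text."""
    try:
        conf = json.loads(text)
    except json.JSONDecodeError as err:  # trailing commas, '#' comments, ...
        return [f"invalid JSON at line {err.lineno} column {err.colno}: {err.msg}"]
    findings = []
    base = origin(conf.get("base_url", ""))
    for path, key, value in walk(conf):
        if key == "verify" and value is False:
            findings.append(f"{path}: TLS certificate verification is disabled")
        if key.endswith(("_uri", "_uris")):
            uris = value if isinstance(value, list) else [value]
            for uri in (u for u in uris if isinstance(u, str)):
                if origin(uri) != base:
                    findings.append(f"{path}: {uri} is not under base_url")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_rp_conf(SAMPLE)))
```

Any key ending in _uri is checked, so a provider's jwks_uri embedded in the same file would also be reported and may need filtering.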