在我的项目中,客户可以通过管理面板配置自己的SSO服务。 我可以创建遗传密码吗?像这样。
这里我使用的是python social auth open_id模块。 python social auth为谷歌OpenID连接创建了一个例子我遵循相同但我不确定它是否适用于所有人。 我可以将以下代码用于多个SSO提供商吗? 喜欢google,okta,gluu,oracle等..
"""
This file contains Django authentication backends. For more information visit
https://docs.djangoproject.com/en/dev/topics/auth/customizing/.
"""
from django.conf import settings
from social.backends.oauth import BaseOAuth2
from social.backends.open_id import OpenIdConnectAuth
class CommonOAuth2Mixin(object):
ACCESS_TOKEN_METHOD = 'POST'
REDIRECT_STATE = False
# ID_KEY = 'username'
USER_INFO_URL = None
def get_user_permissions(self, access_token):
# TODO: Do we need to worry about refreshing the token?
data = self.get_json(
self.USER_INFO_URL,
headers={'Authorization': 'Bearer {0}'.format(access_token)}
)
return data['permissions']
class AnyOpenIdConnect(CommonOAuth2Mixin, OpenIdConnectAuth):
name = 'any-oidc'
DEFAULT_SCOPE = ['openid', 'email', 'profile']
ID_TOKEN_ISSUER = settings.SOCIAL_AUTH_ANY_OIDC_URL_ROOT
AUTHORIZATION_URL = settings.SOCIAL_AUTH_ANY_OIDC_URL_ROOT
ACCESS_TOKEN_URL = settings.SOCIAL_AUTH_ANY_OIDC_URL_ROOT
USER_INFO_URL = settings.SOCIAL_AUTH_ANY_OIDC_URL_ROOT
def user_data(self, _access_token, *_args, **_kwargs):
return self.id_token
def get_user_details(self, response):
return {
u'username': response['username'],
u'email': response['email'],
u'full_name': response['name'],
u'first_name': response['given_name'],
u'last_name': response['family_name']
}
urls.py
_________
url(r'^accounts/login/$',
RedirectView.as_view(url=reverse_lazy('social:begin', args=['any-oidc']),
permanent=False, query_string=True), name='login'),
settings.py
____________
# Set to true if using SSL and running behind a proxy
# SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
# Fields passed to the custom user model when creating a new user
# SOCIAL_AUTH_USER_FIELDS = ['username', 'email', 'first_name', 'last_name']
SOCIAL_AUTH_RAISE_EXCEPTIONS = True
# SOCIAL_AUTH_LOGIN_ERROR_URL = '/'
# LOGIN_URL = '/login/'
# ENABLE_AUTO_AUTH = False
LOGIN_REDIRECT_URL = '/'
# SOCIAL_AUTH_ANY_OIDC_SCOPE = ['']
# EXTRA_SCOPE = ['']
SOCIAL_AUTH_ANY_OIDC_KEY = ''
SOCIAL_AUTH_ANY_OIDC_SECRET = ''
ANY_ID_TOKEN_ISSUER = "accounts.google.com"
ANY_AUTHORIZATION_URL = "https://accounts.google.com/o/oauth2/auth"
ANY_ACCESS_TOKEN_URL = "https://accounts.google.com/o/oauth2/token"
ANY_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
# OIDC ID token decryption key. This value is used to validate the ID token.
# This should be the same value as SOCIAL_AUTH_ANY_OIDC_SECRET
# SOCIAL_AUTH_ANY_OIDC_ANY_TOKEN_DECRYPTION_KEY = SOCIAL_AUTH_ANY_OIDC_SECRET
SOCIAL_AUTH_PIPELINE = (
'social.pipeline.social_auth.social_details',
'social.pipeline.social_auth.social_uid',
'social.pipeline.social_auth.auth_allowed',
'social.pipeline.social_auth.social_user',
'auth_flows.pipeline.get_user_if_exists',
'social.pipeline.user.get_username',
'social.pipeline.mail.mail_validation',
'social.pipeline.user.create_user',
'social.pipeline.social_auth.associate_user',
'social.pipeline.debug.debug',
'social.pipeline.social_auth.load_extra_data',
'social.pipeline.user.user_details',
'social.pipeline.debug.debug'
)