我们如何使用python social auth openid connect集成任何SSO提供程序?

时间:2016-11-24 09:19:08

标签: python django openid-connect python-social-auth

在我的项目中,客户可以通过管理面板配置自己的SSO服务。我可以像下面这样编写一份通用代码吗?

这里我使用的是 python social auth 的 open_id 模块。python social auth 为 Google OpenID Connect 提供了一个示例,我照着它实现了,但不确定这种做法是否适用于所有提供商。我可以将以下代码用于多个SSO提供商吗?例如 Google、Okta、Gluu、Oracle 等。

"""
This file contains Django authentication backends. For more information visit
https://docs.djangoproject.com/en/dev/topics/auth/customizing/.
"""
from django.conf import settings
from social.backends.oauth import BaseOAuth2
from social.backends.open_id import OpenIdConnectAuth


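class CommonOAuth2Mixin(object):
    """Shared OAuth2 defaults and a permissions lookup for SSO backends.

    Intended to be mixed into a backend class that supplies ``get_json``;
    this class itself only holds defaults and one helper.
    """

    ACCESS_TOKEN_METHOD = 'POST'
    REDIRECT_STATE = False
    # ID_KEY = 'username'
    # Subclasses must replace this with the provider's user-info endpoint.
    USER_INFO_URL = None

    def get_user_permissions(self, access_token):
        """Return the ``permissions`` entry of the user-info response.

        Args:
            access_token: OAuth2 access token, sent as a Bearer credential.

        Returns:
            The value stored under ``'permissions'`` in the JSON response.

        Raises:
            ValueError: if ``USER_INFO_URL`` has not been configured.
            KeyError: if the response has no ``'permissions'`` entry.
        """
        # The class default is None, so refuse to hand the bearer token to
        # the HTTP layer until a real endpoint has been configured.
        if not self.USER_INFO_URL:
            raise ValueError(
                'USER_INFO_URL is not configured for this backend'
            )

        # TODO: Do we need to worry about refreshing the token?
        # NOTE(review): the token travels in the Authorization header, so the
        # endpoint should be HTTPS; nothing here enforces that.
        data = self.get_json(
            self.USER_INFO_URL,
            headers={'Authorization': 'Bearer {0}'.format(access_token)}
        )
        # NOTE(review): 'permissions' is not a standard OIDC user-info claim;
        # a provider that omits it makes this raise KeyError.
        return data['permissions']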


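class AnyOpenIdConnect(CommonOAuth2Mixin, OpenIdConnectAuth):
    """OpenID Connect backend whose provider values come from Django settings.

    The issuer and the three endpoints are read once, when this class is
    created, so a running process talks to exactly one provider.

    NOTE(review): if customers are to configure their own provider from an
    admin panel, these values have to be resolved per tenant at request time
    instead, and each stored endpoint should be checked (HTTPS only) before
    it is used.
    """

    name = 'any-oidc'
    DEFAULT_SCOPE = ['openid', 'email', 'profile']

    # Each value has its own setting: the issuer is an identifier compared
    # with the ID token's ``iss`` claim, while the other three are distinct
    # endpoints. Plain attribute access is deliberate, so a missing setting
    # fails at import time instead of silently becoming None.
    ID_TOKEN_ISSUER = settings.ANY_ID_TOKEN_ISSUER
    AUTHORIZATION_URL = settings.ANY_AUTHORIZATION_URL
    ACCESS_TOKEN_URL = settings.ANY_ACCESS_TOKEN_URL
    USER_INFO_URL = settings.ANY_USER_INFO_URL

    def user_data(self, _access_token, *_args, **_kwargs):
        """Return the ID token held on this backend as the user data.

        No user-info request is made and the access token is ignored.
        NOTE(review): ``self.id_token`` is presumably set by the parent class
        once the ID token has been validated -- confirm against the installed
        ``OpenIdConnectAuth``.
        """
        return self.id_token

    def get_user_details(self, response):
        """Map ID token claims onto the user fields used by the pipeline.

        Args:
            response: mapping of claims, as returned by ``user_data``.

        Returns:
            dict with ``username``, ``email``, ``full_name``, ``first_name``
            and ``last_name``; a claim the provider did not send is returned
            as an empty string.
        """
        # 'username' is not a standard OIDC claim; providers that follow the
        # spec send 'preferred_username', so accept either one.
        username = (
            response.get('username')
            or response.get('preferred_username')
            or u''
        )
        # All of these claims are optional, so a lookup with a default keeps
        # one sparse provider from breaking login with a KeyError.
        # NOTE(review): these are display values. Account linking should rest
        # on the issuer plus 'sub'; 'email' is only as trustworthy as the
        # provider's email verification.
        return {
            u'username': username,
            u'email': response.get('email', u''),
            u'full_name': response.get('name', u''),
            u'first_name': response.get('given_name', u''),
            u'last_name': response.get('family_name', u'')
        }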



urls.py 
_________
# Route the site's login URL straight to the social:begin view of the
# 'any-oidc' backend. permanent=False keeps the redirect temporary and
# query_string=True forwards the incoming query string to that view.
# NOTE(review): a forwarded ``next`` parameter presumably decides where the
# user lands after login; confirm that social-auth's redirect sanitisation
# is left enabled so it cannot point at another host.
url(r'^accounts/login/$',
                RedirectView.as_view(url=reverse_lazy('social:begin', args=['any-oidc']),
                                     permanent=False, query_string=True), name='login'),

settings.py 
____________
    # Set to true if using SSL and running behind a proxy
# SOCIAL_AUTH_REDIRECT_IS_HTTPS = False

# Fields passed to the custom user model when creating a new user
# SOCIAL_AUTH_USER_FIELDS = ['username', 'email', 'first_name', 'last_name']
# --- OIDC client credentials (left blank in this listing) -------------------
# NOTE(review): load the real client secret from the environment or a secret
# store rather than committing it to this file.
SOCIAL_AUTH_ANY_OIDC_KEY = ''
SOCIAL_AUTH_ANY_OIDC_SECRET = ''
# SOCIAL_AUTH_ANY_OIDC_SCOPE = ['']
# EXTRA_SCOPE = ['']

# Key used to validate the ID token; per the original note it should be the
# same value as SOCIAL_AUTH_ANY_OIDC_SECRET.
# NOTE(review): the name below has "ANY_TOKEN" where "ID_TOKEN" may have been
# intended -- confirm which setting the installed OpenIdConnectAuth reads,
# because a key that is never picked up leaves validation without one.
# SOCIAL_AUTH_ANY_OIDC_ANY_TOKEN_DECRYPTION_KEY = SOCIAL_AUTH_ANY_OIDC_SECRET

# --- Provider values (Google's, as in this example) --------------------------
# The issuer is an identifier, not an endpoint; the three URLs are separate
# endpoints and all of them use HTTPS.
ANY_ID_TOKEN_ISSUER = 'accounts.google.com'
ANY_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/auth'
ANY_ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
ANY_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'

# --- Error handling and post-login redirect ---------------------------------
# NOTE(review): True makes social-auth errors propagate as exceptions instead
# of being turned into a redirect to the login-error URL; this is usually a
# development aid -- confirm the intended production value.
SOCIAL_AUTH_RAISE_EXCEPTIONS = True
# SOCIAL_AUTH_LOGIN_ERROR_URL = '/'
# LOGIN_URL = '/login/'
# ENABLE_AUTO_AUTH = False
LOGIN_REDIRECT_URL = '/'

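# Steps run in order for every social login.
#
# 'social.pipeline.debug.debug' is left out on purpose: it pretty-prints the
# provider response and the user details to stdout, and those can include
# tokens and personal data. Add it back only while debugging locally.
SOCIAL_AUTH_PIPELINE = (
    'social.pipeline.social_auth.social_details',
    'social.pipeline.social_auth.social_uid',
    'social.pipeline.social_auth.auth_allowed',
    'social.pipeline.social_auth.social_user',
    # NOTE(review): project-local step, not shown on this page. If it matches
    # existing accounts by username or email, confirm that it only trusts
    # values the provider has verified; otherwise one provider can claim
    # another provider's users.
    'auth_flows.pipeline.get_user_if_exists',
    'social.pipeline.user.get_username',
    'social.pipeline.mail.mail_validation',
    'social.pipeline.user.create_user',
    'social.pipeline.social_auth.associate_user',
    'social.pipeline.social_auth.load_extra_data',
    'social.pipeline.user.user_details',
)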

0 个答案:

没有答案