This server uses an OpenID Connect implementation to authenticate users in the FLEXCoop components.
The server is based on django_oidc_provider package, with some minor modifications and customizations.
- Create a virtualenv in python3
virtualenv -p python3 venv
- Install requirements
source venv/bin/activate
pip install -r requirements.txt
- Create the environment variables
export DJANGO_SECRET_KEY=""
export DATABASE_NAME=""
export DATABASE_USER=""
export DATABASE_PASSWORD=""
export DATABASE_PORT=
export DATABASE_HOST=""
export OAUTH_SERVER_UUID=""
export DJANGO_LOG_LEVEL=""
export SITE_URL="" # The domain/ip where the server is running
export OAUTH_SERVER_LOGO="" # The statics url of the image logo of the company
export EMAIL_HOST=""
export EMAIL_USER=""
export EMAIL_PASSWORD=""
export EMAIL_PORT="587"
- Collect statics into the static/ folder
python3 manage.py collectstatic --no-input
- Configure the server to serve the static folder; check the documentation of your server provider to do so.
- Create the RSA key
python3 manage.py creatersakey
- Create super user
python3 manage.py createsuperuser
- Run the server
python3 manage.py runserver
- Server administration: the server administration is reached under the endpoint
<server-address>/accounts/login/
The user login is found under
<server-address>/accounts/login/
where you also find a link to the page
<server-address>/accounts/login/signup
that allows new 'flexcoop' users to be created.
Using this method, the anonymized id is generated by the server and the user's role is set to 'Prosumer'.
It is also possible to create users using the Django server's admin console and the 'add user' function. To allow login via OAuth, one needs to set a role and supply an anonymized id for the user in the upper of the two 'Profile/Flex user' settings of the user.
The administrator console allows the role of a user to be changed to prosumer or aggregator.
These are the steps needed to add a web backend client that allows its users to log into the server using OAuth2/OpenID.
- In the Django admin console, navigate to Client / Add client
- Choose a name for the client
- The owner is a numerical user id; use 0 for the admin
- Choose client type confidential and code (Authorization flow) if you are using the OAuth methods provided in the backend-mockup demo
- Require consent and reuse consent
- Press 'Save and continue editing' at the end of the page
- If no error is issued, the Django server will generate a client id and a client secret that need to be used by this client
- Fill in the scopes (one per line):
openid
role
<client_id>
- Fill in the full Redirect URIs used by the OAuth library; in the case of the backend-mockup, these were
http://127.0.0.1:8080/login/authorized
http://localhost:8080/login/authorized
https://<cluster-address>/login/authorized
- Fill in session management
http://127.0.0.1:8080/
http://localhost:8080/
https://<cluster-address>/
<client_id>
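The redirect URIs listed above follow a pattern worth checking before they are pasted into the client form: exact URIs, no fragments, and plain http only for loopback hosts. The following lint is an added example, not part of the FLEXCoop code base; the function names are hypothetical and the hostname cluster.example.org is a constructed stand-in for the cluster address placeholder.

```python
from urllib.parse import urlsplit

# Hosts for which plain http is tolerated (local development only).
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def lint_redirect_uri(uri):
    """Return a list of problems found in one redirect URI (empty list = OK)."""
    problems = []
    if any(c.isspace() for c in uri):
        problems.append("contains whitespace")
    if "*" in uri:
        problems.append("contains a wildcard; register exact URIs only")
    if "#" in uri:
        problems.append("contains a fragment")
    try:
        parts = urlsplit(uri)
    except ValueError:
        # urlsplit raises on malformed bracketed IPv6 hosts.
        problems.append("not a parseable URI")
        return problems
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append("not an absolute http(s) URI")
        return problems
    if parts.username or parts.password:
        problems.append("contains userinfo")
    if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
        problems.append("plain http is only acceptable for loopback hosts")
    return problems


def lint_client(redirect_uris):
    """Map each problematic URI to its problems; an empty dict means all pass."""
    report = {}
    for uri in redirect_uris:
        problems = lint_redirect_uri(uri)
        if problems:
            report[uri] = problems
    return report


# Constructed sample: the backend-mockup URIs with a stand-in cluster hostname.
SAMPLE_URIS = [
    "http://127.0.0.1:8080/login/authorized",
    "http://localhost:8080/login/authorized",
    "https://cluster.example.org/login/authorized",
]

if __name__ == "__main__":
    print(lint_client(SAMPLE_URIS) or "all redirect URIs pass")
```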