{"id":34051438,"url":"https://github.com/appsembler/tahoe-idp","last_synced_at":"2026-04-10T10:31:41.406Z","repository":{"id":37448862,"uuid":"402581929","full_name":"appsembler/tahoe-idp","owner":"appsembler","description":"A package of tools and features for integrating Tahoe with FusionAuth","archived":false,"fork":false,"pushed_at":"2024-04-24T18:49:46.000Z","size":260,"stargazers_count":0,"open_issues_count":15,"forks_count":1,"subscribers_count":7,"default_branch":"main","last_synced_at":"2026-03-20T05:40:18.168Z","etag":null,"topics":["appsembler-tahoe","auth","openedx"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/appsembler.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-09-02T22:46:21.000Z","updated_at":"2025-08-02T15:33:23.000Z","dependencies_parsed_at":"2024-04-24T19:57:18.301Z","dependency_job_id":"6b312868-290c-40ff-af7d-896959bf35b5","html_url":"https://github.com/appsembler/tahoe-idp","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/appsembler/tahoe-idp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsembler%2Ftahoe-idp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsembler%2Ftahoe-idp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsembler%2Ftahoe-idp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsembler%2Ftahoe-idp/manifests","owner_url":"https://repo
s.ecosyste.ms/api/v1/hosts/GitHub/owners/appsembler","download_url":"https://codeload.github.com/appsembler/tahoe-idp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsembler%2Ftahoe-idp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31638404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T07:40:12.752Z","status":"ssl_error","status_checked_at":"2026-04-10T07:40:11.664Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsembler-tahoe","auth","openedx"],"created_at":"2025-12-14T01:21:24.276Z","updated_at":"2026-04-10T10:31:41.398Z","avatar_url":"https://github.com/appsembler.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tahoe Identity Provider [![CI](https://github.com/appsembler/tahoe-idp/actions/workflows/tests.yml/badge.svg)](https://github.com/appsembler/tahoe-idp/actions/workflows/tests.yml) ![Black code style](https://img.shields.io/badge/code%20style-black-000000.svg)\n\nA package of IdP user authentication modules designed to work in Open edX.\n\n\n## README NEEDS UPDATE\nThe readme is obsolete because this package is now using FusionAuth instead of Auth0.\n\n\n## 0. 
Prerequisites\nTo be able to use this library, you need to have the following:\n- An Auth0 [Tenant](https://auth0.com/docs/get-started/create-tenants).\n- An Auth0 [API](https://auth0.com/docs/get-started/set-up-apis)\n- An Auth0 [Machine to Machine](https://auth0.com/docs/get-started/create-apps/machine-to-machine-apps) application.\n- At least one organization.\n- One custom connection.\n\n### 0.1. Configuring the API\nWe need to register an API to perform user registration and to communicate with\nAuth0 organizations.\n\nYour API must have the following permissions:\n  - `read:users`\n  - `update:users`\n  - `delete:users`\n  - `create:users`\n  - `read:user_idp_tokens`\n  - `read:organizations`\n  - `create:organization_invitations`\n\n### 0.2. Configuring the Machine to Machine application\nWe need to integrate Auth0 with a machine-to-machine (M2M) application. This library\nwill use this Machine to Machine application to be able to communicate with\nthe API we configured above for two purposes:\n  - Registering users.\n  - Reading organizations and hooking them with edx-platform.\n\nThis application doesn't require extra configuration.\n\n\u003e **NOTE**\n\u003e\n\u003e The Client ID and Secret of this application are going to be added to\n\u003e `TAHOE_IDP_CONFIGS` settings.\n\n### 0.3. Hooking the Machine to Machine application with the API\nGo to the settings page of your API. Click the **Machine to Machine Applications** tab and:\n  - Authorize your Machine to Machine application created in the previous step to use the API.\n  - Allow this Machine to Machine application to use all the permissions specified above from this API.\n\n### 0.4. 
Create Regular Web Application\nThis application is the primary application our edX platform is going to use\nto authenticate users.\n\n- For the **Allowed Callback URLs** use something similar to this [http://*.devstack.site:18000/auth/complete/tahoe-idp/]() or configure yours.\n- For the **Allowed Logout URLs** use something similar to this [http://localhost:18000/]() or configure yours.\n\n\u003e **NOTE**\n\u003e\n\u003e The Client ID and Secret of this application are going to be used in the\n\u003e edx-platform Admin settings.\n\n### 0.5. Configure the Organization\nEach organization is going to be mapped to a single edx-platform organization.\n- The Auth0 organization ID (Similar to `org_1Ab2Cd3`) should be saved into `admin` config in Site Configuration.  \n- Save the organization ID to create a connection later.\n\n### 0.6. Configure the Connection\nGo to your tenant's _Authentication \u003e Database_ section, and create a custom\nconnection for your organization.\n- Connection name must be `con-{org_id}` (For example `con-1Ab2Cd3`).\n- Save the connection ID in `IDP_CONNECTION_ID` in the `admin` config in Site Configuration.\n- Set `Requires Username` to true and its maximum length to 30 to match current edX setup.\n- In the Applications tab of your connection, allow your `Regular Web Application` and `Machine to Machine`.\n- Go back to the settings page of the organization you just created, click `Connection`, then:\n  - Enable the connection you created above.\n  - Make sure to \"Enable Auto-Membership\"\n\nYou should be all set now.\n\n## 1. Install\n\n### 1.1. Production\nTo use this library in production, add the following to your Ansible deployment:\n```yaml\nEDXAPP_EXTRA_REQUIREMENTS:\n  - name: 'git+https://github.com/appsembler/tahoe-idp.git#egg=tahoe-idp'\n```\n\n### 1.2. Devstack\n\nWe can achieve this in two ways. Both of these methods work in Sultan and\nnormal Docker setup:\n\n#### 1.2.1. 
A quick setup (not persistent).\n```shell\ncd /path/to/devstack\nmake lms-shell\npip install git+https://github.com/appsembler/tahoe-idp\n```\n#### 1.2.2. Sultan\nIn your Sultan configurations file (`configs/.configs.\u003cusername\u003e`), append\nthe repo path to `EDXAPP_EXTRA_REQUIREMENTS`:\n\n```shell\nEDXAPP_EXTRA_REQUIREMENTS=\"...,https://github.com/appsembler/tahoe-idp.git,...\"\n```\n\nThen on your host machine run the following command:\n```shell\nsultan instance reconfigure\n```\n\n\u003e **NOTE**\n\u003e\n\u003e Using this method requires you to manually install `python-jose==3.2.0` in the LMS shell\n\u003e ```\n\u003e $ make lms-shell\n\u003e $ pip install python-jose==3.2.0  # version 3.3.0 won't work on python 3.5\n\u003e ```\n\n## 2. Configure the edX app\nThis package follows the edx-platform plugin architecture. Check the [plugins#0b4072b](https://github.com/edx/edx-django-utils/tree/0b4072bea3c4610d654a670b3047a7391deaa69f/edx_django_utils/plugins) documentation for more info on plugins.\n\nIn your `edxapp-envs/lms.yml`:\n\n```yaml\nEDXAPP_EXTRA_REQUIREMENTS:\n  - name: \"tahoe-idp\"\n\nFEATURES:\n    ...\n    ENABLE_TAHOE_IDP: true\n    ...\n\nTHIRD_PARTY_AUTH_BACKENDS: [\n    \"tahoe_idp.backend.TahoeIdpOAuth2\"\n]\n\nTAHOE_IDP_CONFIGS:\n    DOMAIN: \u003cdomain\u003e\n    API_CLIENT_ID: \u003cclient id\u003e\n    API_CLIENT_SECRET: \u003cclient secret\u003e\n...\n```\n\n#### Settings Description\n- `THIRD_PARTY_AUTH_BACKENDS`: Tell Django to use this backend when attempting to authenticate a user.\n- `FEATURES`: edX platform features settings\n  - `ENABLE_TAHOE_IDP`: A switch to enable/disable this plugin. We will use this value if and only if `ENABLE_TAHOE_IDP` is not defined in Site Configurations.\n- `TAHOE_IDP_CONFIGS`: A parent node of Auth0 settings. 
If not configured while the plugin is enabled, we will raise an error.\n  - `DOMAIN`: Your Auth0 Domain assigned to you when creating the tenant, or your configured [Custom Domain](https://auth0.com/docs/brand-and-customize/custom-domains).\n  - `API_CLIENT_ID`: The client ID of your Auth0 _Machine to Machine_ app. Fetched from `Auth0 Site \u003e Applications \u003e Applications \u003e Your Machine to Machine App \u003e Client ID`\n  - `API_CLIENT_SECRET`: The client Secret of your Auth0 _Machine to Machine_ app. Fetched from `Auth0 Site \u003e Applications \u003e Applications \u003e Your Machine to Machine App \u003e Client Secret`\n\nNow run `make dev.up`, or `sultan devstack up` if you're using Sultan.\n\n\u003e **NOTE**\n\u003e\n\u003e You might need to restart your devstack at this point using `make lms-restart`\n\n## 3. Admin Panel Configurations\nAt this stage, the library is hooked into Open edX. To finalize\nthe setup, you need to add some additional configurations in your LMS admin\npanel.\n\n- In your browser, head to [http://localhost:18000/admin]()\n- Go to [THIRD-PARTY AUTHENTICATION \u003e Provider Configuration (OAuth)](http://localhost:18000/admin/third_party_auth/oauth2providerconfig/).\n- Click **Add Provider Configuration**.\n  - Check `Enabled`.\n  - For the `Name` field, we're going to call it `Auth0`.\n  - Check `Skip registration form` (This library will handle this).\n  - Check `Skip email verification` (Auth0 will handle this).\n  - Check `Visible`.\n  - Choose `tahoe-idp` in the `Backend Name` field.\n  - Insert your Auth0 _Regular Web Application_'s `Client ID` and `Client Secret`.\n  - In `Other Settings`, insert the following:\n    ```json\n    {\"SCOPE\": [\"openid profile email\"]}\n    ```\n\n\u003e **NOTE**\n\u003e\n\u003e Using these scopes will make sure edX Platform can read the user's email\n\u003e and profile from Auth0.\n\n\n## 4. 
Auth0's Django tutorial\nThe implementation in this project was based on Auth0's Django tutorial here:\n[https://auth0.com/docs/quickstart/webapp/django/01-login#configure-auth0](https://auth0.com/docs/quickstart/webapp/django/01-login#configure-auth0)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsembler%2Ftahoe-idp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fappsembler%2Ftahoe-idp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsembler%2Ftahoe-idp/lists"}