{"id":13849436,"url":"https://github.com/divio/django-simple-sso","last_synced_at":"2025-04-05T07:07:03.118Z","repository":{"id":41060197,"uuid":"2184241","full_name":"divio/django-simple-sso","owner":"divio","description":null,"archived":false,"fork":false,"pushed_at":"2024-03-25T09:29:06.000Z","size":103,"stargazers_count":303,"open_issues_count":18,"forks_count":116,"subscribers_count":22,"default_branch":"master","last_synced_at":"2024-04-10T01:11:42.998Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/divio.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-08-10T09:04:25.000Z","updated_at":"2024-06-18T17:03:20.161Z","dependencies_parsed_at":"2024-03-25T09:26:41.733Z","dependency_job_id":"b9f29094-4387-4642-9a99-4387d751ebf6","html_url":"https://github.com/divio/django-simple-sso","commit_stats":null,"previous_names":["aldryn/django-simple-sso"],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/divio%2Fdjango-simple-sso","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/divio%2Fdjango-simple-sso/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/divio%2Fdjango-simple-sso/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/divio%2Fdjango-simple-sso/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/divio","download_url":"https://codeload.github.com/divio/django-simple-sso/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247299832,"owners_count":20916190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T19:01:18.101Z","updated_at":"2025-04-05T07:07:03.093Z","avatar_url":"https://github.com/divio.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"=================\ndjango-simple-sso\n=================\n\n|pypi| |build| |coverage|\n\n\nDocumentation\n=============\n\nSee ``REQUIREMENTS`` in the `setup.py \u003chttps://github.com/divio/django-simple-sso/blob/master/setup.py\u003e`_\nfile for additional dependencies:\n\n|python| |django|\n\n\nDjango Simple SSO Specification (DRAFT)\n=======================================\n\nTerminology\n***********\n\nServer\n------\n\nThe server is a Django website that holds all the user information and\nauthenticates users.\n\nClient\n------\n\nThe client is a Django website that provides login via SSO using the **Server**.\nIt does not hold any user information.\n\nKey\n---\n\nA unique key identifying a **Client**. This key can be made public.\n\nSecret\n------\n\nA secret key shared between the **Server** and a single **Client**. This secret\nshould never be shared with anyone other than the **Server** and **Client** and\nmust not be transferred unencrypted.\n\nWorkflow\n********\n\n* User wants to log into a **Client** by clicking a \"Login\" button. The\n  initially requested URL can be passed using the ``next`` GET parameter.\n* The **Client**'s Python code does a HTTP request to the **Server** to request a\n  authentication token, this is called the **Request Token Request**.\n* The **Server** returns a **Request Token**.\n* The **Client** redirects the User to a view on the **Server** using the\n  **Request Token**, this is the **Authorization Request**.\n* If the user is not logged in the the **Server**, they are prompted to log in.\n* The user is redirected to the **Client** including the **Request Token** and a\n  **Auth Token**, this is the ``Authentication Request``.\n* The **Client**'s Python code does a HTTP request to the **Server** to verify the\n  **Auth Token**, this is called the **Auth Token Verification Request**.\n* If the **Auth Token** is valid, the **Server** returns a serialized Django User\n  object.\n* The **Client** logs the user in using the Django User received from the **Server**.\n\nRequests\n********\n\nGeneral\n-------\n\nAll requests have a ``signature`` and ``key`` parameter, see **Security**.\n\nRequest Token Request\n---------------------\n\n* Client: Python\n* Target: **Server**\n* Method: GET\n* Extra Parameters: None\n* Responses:\n\n    * ``200``: Everything went fine, the body of the response is a url encoded\n      query string containing with the ``request_token`` key holding the\n      **Request Token** as well as the ``signature``.\n    * ``400``: Bad request (missing GET parameters)\n    * ``403``: Forbidden (invalid signature)\n\n\nAuthorization Request\n---------------------\n\n* Client: Browser (User)\n* Target: **Server**\n* Method: GET\n* Extra Parameters:\n\n    * ``request_token``\n\n* Responses:\n\n    * ``200``: Everything okay, prompt user to log in or continue.\n    * ``400``: Bad request (missing GET parameter).\n    * ``403``: Forbidden (invalid **Request Token**).\n\n\nAuthentication Request\n----------------------\n\n* Client: Browser (User)\n* Target: **Client**\n* Method: GET\n* Extra Parameters:\n\n    * ``request_token``: The **Request Token** returned by the\n      **Request Token Request**.\n    * ``auth_token``: The **Auth Token** generated by the **Authorization Request**.\n\n* Responses:\n\n    * ``200``: Everything went fine, the user is now logged in.\n    * ``400``: Bad request (missing GET parameters).\n    * ``403``: Forbidden (invalid **Request Token**).\n\n\nAuth Token Verification Request\n-------------------------------\n\n* Client: Python\n* Target: **Server**\n* Method: GET\n* Extra Parameters:\n\n    * ``auth_token``: The **Auth Token** obtained by the **Authentication Request**.\n\n* Responses:\n\n    * ``200``: Everything went fine, the body of the response is a url encoded\n      query string containing the ``user`` key which is the JSON serialized\n      representation of the Django user to create as well as the ``signature``.\n\nSecurity\n********\n\nEvery request is signed using HMAC-SHA256. The signature is in the ``signature``\nparameter. The signature message is the urlencoded, alphabetically ordered\nquery string. The signature key is the **Secret** of the **Client**. To verify\nthe signature the ``key`` paramater holding the **key** of the **Client** is\nalso sent with every request from the **Client** to the **Server**.\n\nExample\n-------\n\nGET Request with the GET parameters ``key=bundle123`` and the private key\n``secret key``: ``fbf6396d0fc40d563e2be3c861f7eb5a1b821b76c2ac943d40a7a63b288619a9``\n\nThe User object\n***************\n\nThe User object returned by a successful **Auth Token Verification Request**\ndoes not contain all the information about the Django User, in particular, it\ndoes not contain the password.\n\nThe user object contains must contain at least the following data:\n\n* ``username``: The unique username of this user.\n* ``email``: The email of this user.\n* ``first_name``: The first name of this user, this field is required, but may\n  be empty.\n* ``last_name``: The last name of this user, this field is required, but may\n  be empty.\n* ``is_staff``: Can this user access the Django admin on the **Client**?\n* ``is_superuser``: Does this user have superuser access to the **Client**?\n* ``is_active``: Is the user active?\n\nImplementation\n**************\n\nOn the server\n-------------\n\n* Add ``simple_sso.sso_server`` to ``INSTALLED_APPS``.\n* Create an instance (potentially of a subclass) of\n  ``simple_sso.sso_server.server.Server`` and include the return value of the\n  ``get_urls`` method on that instance into your url patterns.\n\n\nOn the client\n-------------\n\n* Create a new instance of ``simple_sso.sso_server.models.Consumer`` on the\n  **Server**.\n* Add the ``SIMPLE_SSO_SECRET`` and ``SIMPLE_SSO_KEY`` settings as provided by\n  the **Server**'s ``simple_sso.sso_server.models.Client`` model.\n* Add the ``SIMPLE_SSO_SERVER`` setting which is the absolute URL pointing to\n  the root where the ``simple_sso.sso_server.urls`` where include on the\n  **Server**.\n* Add the ``simple_sso.sso_client.urls`` patterns somewhere on the client.\n\n\nRunning Tests\n*************\n\nYou can run tests by executing::\n\n    virtualenv env\n    source env/bin/activate\n    pip install -r tests/requirements.txt\n    python setup.py test\n\n\n.. |pypi| image:: https://badge.fury.io/py/django-simple.sso.svg\n    :target: http://badge.fury.io/py/django-simple.sso\n.. |build| image:: https://travis-ci.org/divio/django-simple.sso.svg?branch=master\n    :target: https://travis-ci.org/divio/django-simple.sso\n.. |coverage| image:: https://codecov.io/gh/divio/django-simple.sso/branch/master/graph/badge.svg\n    :target: https://codecov.io/gh/divio/django-simple.sso\n\n.. |python| image:: https://img.shields.io/badge/python-3.5+-blue.svg\n    :target: https://pypi.org/project/django-simple.sso/\n.. |django| image:: https://img.shields.io/badge/django-2.2,%203.0,%203.1-blue.svg\n    :target: https://www.djangoproject.com/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdivio%2Fdjango-simple-sso","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdivio%2Fdjango-simple-sso","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdivio%2Fdjango-simple-sso/lists"}