{"id":14972818,"url":"https://github.com/mesemus/django-openid-op","last_synced_at":"2025-06-24T06:02:50.269Z","repository":{"id":57421120,"uuid":"112387077","full_name":"mesemus/django-openid-op","owner":"mesemus","description":"Implementation of OpenID Connect's OP (aka identity provider, login server)","archived":false,"fork":false,"pushed_at":"2021-05-03T18:25:31.000Z","size":162,"stargazers_count":4,"open_issues_count":3,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-23T14:13:06.448Z","etag":null,"topics":["authorization","connect","django","login-server","openid","provider"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mesemus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-11-28T20:44:09.000Z","updated_at":"2022-10-25T21:56:33.000Z","dependencies_parsed_at":"2022-09-13T14:00:30.982Z","dependency_job_id":null,"html_url":"https://github.com/mesemus/django-openid-op","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/mesemus/django-openid-op","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesemus%2Fdjango-openid-op","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesemus%2Fdjango-openid-op/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesemus%2Fdjango-openid-op/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesemus%2Fdjango-openid-op/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mesemus","
download_url":"https://codeload.github.com/mesemus/django-openid-op/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesemus%2Fdjango-openid-op/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261618030,"owners_count":23185084,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","connect","django","login-server","openid","provider"],"created_at":"2024-09-24T13:47:35.268Z","updated_at":"2025-06-24T06:02:50.225Z","avatar_url":"https://github.com/mesemus.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/mesemus/django-openid-op.svg?branch=master)](https://travis-ci.org/mesemus/django-openid-op)\n[![Coverage](https://codecov.io/gh/mesemus/django-openid-op/branch/master/graph/badge.svg)](https://codecov.io/gh/mesemus/django-openid-op)\n\u003c!---\n\n [![Requirements Status](https://requires.io/github/mesemus/django-openid-idp/requirements.svg?branch=master)](https://requires.io/github/mesemus/django-openid-idp/requirements/?branch=master)\n [![Test report](https://img.shields.io/badge/tests-report-blue.svg)](https://mesemus.github.io/django-openid-idp/test_report.html)\n [![Coverage report](https://img.shields.io/badge/coverage-report-blue.svg)](https://mesemus.github.io/django-openid-idp/htmlcov/index.html)\n [![Docs](https://readthedocs.org/projects/pip/badge/)](http://django-openid-idp.readthedocs.io/en/latest/)\n--\u003e\n\nUnder development, please do not use yet.\n\n# django-openid-op\n\nThis 
Django application provides an implementation of an OpenID Connect identity server\n(OpenID provider). You can use it, for example, for building a centralized authorization\nserver to which clients connect via the OpenID or OAuth2.0 protocol.\n\nThis library is compatible with the python-social-auth package, which can be used\nas an OpenID client to access this server.\n\nThe following features of the OpenID Connect specification are implemented:\n\n   * Basic profile from the OpenID Connect Core, including JWT signing\n   * Subset of OpenID Connect Dynamic Registration\n   * Subset of OpenID Connect Discovery\n\nSetting up\n==========\n\nAuthorization server\n--------------------\n\nThis library prefers Python 3.6 as it depends on the ```secrets``` module.\nIf running in Python 3.5, a backported version of the ```secrets``` module\nfrom Python 3.6.1 is used.\n\n1. Set up virtualenv and create the authorization_server project\n\nTODO: add pip \n\n```bash\n\ncd /tmp\nmkdir test\ncd test\n\nvirtualenv --python=python3.6 venv-server\nsource venv-server/bin/activate\npip install django-openid-op\n\ndjango-admin startproject authorization_server\n(cd authorization_server; django-admin startapp web)\n\n```\n\n2. Edit the ```authorization_server/authorization_server/settings.py``` file and append the following lines to the end of the file:\n\n```python\n\nINSTALLED_APPS += [\n    'openid_connect_op',\n    'web'\n]\n\nAPPEND_SLASH = False\n```\n\n3. Run ```python authorization_server/manage.py migrate```\n\n4. Create keys that will be used to sign tokens:\n\n```bash\npython authorization_server/manage.py create_jwt_keys\n```\n\n5. Check that the server runs so far\n```bash\npython authorization_server/manage.py runserver\ngoogle-chrome http://localhost:8000/\n```\n\n6. 
Modify ```authorization_server/authorization_server/urls.py```\n\n```python\n# added \", include\" here\nfrom django.conf.urls import url, include\nfrom django.contrib import admin\n\nurlpatterns = [\n    url(r'^admin/', admin.site.urls),\n    # added these lines\n    url('^', include('openid_connect_op.urls')),\n    url('^', include('django.contrib.auth.urls')),\n]\n\n```\n\nThis creates the following URLs:\n\n   * ```/.well-known/openid-configuration``` - URL that returns configuration of this OpenID provider according to RFC 5785\n   * ```/openid/jwks``` - returns the public key that clients may use to validate received information\n   * ```/openid/authorize```, ```/openid/token``` - OpenID authorization and token endpoints\n   * ```/openid/userinfo``` - OpenID user information endpoint\n   * ```/openid/register``` - Dynamic client registration service\n\nStart the server and point Postman or a browser to ```http://localhost:8000/.well-known/openid-configuration```\nand ```http://localhost:8000/openid/jwks``` to check that the step above works.\n\n7. Add a login template\n\n```bash\n\nmkdir -p authorization_server/web/templates/registration\nnano authorization_server/web/templates/registration/login.html\n```\nand put the standard login template from the Django docs there:\n```html\n\u003chtml\u003e\n  \u003cbody\u003e\n    {% if form.errors %}\n    \u003cp\u003eYour username and password didn't match. Please try again.\u003c/p\u003e\n    {% endif %}\n\n    {% if next %}\n        {% if user.is_authenticated %}\n        \u003cp\u003eYour account doesn't have access to this page. 
To proceed,\n        please login with an account that has access.\u003c/p\u003e\n        {% else %}\n        \u003cp\u003ePlease login to see this page.\u003c/p\u003e\n        {% endif %}\n    {% endif %}\n\n    \u003cform method=\"post\" action=\"{% url 'login' %}\"\u003e\n        {% csrf_token %}\n        \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e{{ form.username.label_tag }}\u003c/td\u003e\n            \u003ctd\u003e{{ form.username }}\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e{{ form.password.label_tag }}\u003c/td\u003e\n            \u003ctd\u003e{{ form.password }}\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003c/table\u003e\n\n        \u003cinput type=\"submit\" value=\"login\" /\u003e\n        \u003cinput type=\"hidden\" name=\"next\" value=\"{{ next }}\" /\u003e\n    \u003c/form\u003e\n  \u003c/body\u003e\n\u003c/html\u003e\n```\n\n8. Create a sample user\n\n```bash\npython authorization_server/manage.py createsuperuser\nUsername (leave blank to use 'simeki'): admin\nEmail address: admin@example.com\nPassword:\nPassword (again):\nSuperuser created successfully.\n```\n\nTry to log in at ```http://localhost:8000/login```.\n\nCongratulations, you have successfully set up an OpenID Connect\nauthentication server.\n\nClient web server\n-----------------\n\n1. Run in another shell:\n\n```bash\n\nvirtualenv --python=python3.6 venv-client\nsource venv-client/bin/activate\npip install django social-auth-app-django\n\ndjango-admin startproject web_server\n(cd web_server; django-admin startapp web)\n```\n\n\n2. 
In the authorization server's shell, register the newly created web server\n\n```bash\npython authorization_server/manage.py register_openid_client \\\n      --redirect-url 'http://localhost:9000/complete/openid/' \\\n      --server-name  'My test server' \\\n      --auth-type post\n\n\u003e Registration successfull, please configure the server with:\n\u003e     Client ID (KEY in settings.py): aaaaaaa\n\u003e     Client Secret (SECRET in settings.py): bbbbbb\n```\n\n3. Edit the ```web_server/web_server/settings.py``` file and append the following lines to the end of the file:\n\n```python\n\nAUTHENTICATION_BACKENDS = (\n    'web.backends.OpenIdConnect',\n    'django.contrib.auth.backends.ModelBackend',\n)\n\nINSTALLED_APPS += [\n    'social_django',\n    'web'\n]\n\n# URL where authorization_server lives\nOIDC_ENDPOINT = 'http://127.0.0.1:8000'\n\n# client ID and secret printed by register_openid_client in step 2\nKEY = 'aaaaaaa'\nSECRET = 'bbbbbb'\n\nLOGIN_URL = '/login/openid/'\n\n```\n\n4. Edit ```web_server/web/backends.py```:\n\n```python\nfrom django.conf import settings\nfrom social_core.backends.open_id_connect import OpenIdConnectAuth\n\nclass OpenIdConnect(OpenIdConnectAuth):\n    OIDC_ENDPOINT = settings.OIDC_ENDPOINT\n    name = 'openid'\n```\n\n5. 
Create the index page (optional):\n\n```bash\n\nmkdir -p web_server/web/templates\nnano web_server/web/templates/base.html\n```\n\n```html\n\u003chtml\u003e\n    \u003cbody\u003e\n        {% block content %} {% endblock %}\n    \u003c/body\u003e\n\u003c/html\u003e\n```\n\n```bash\nnano web_server/web/templates/index.html\n```\n\n```html\n{% extends \"base.html\" %}\n{% block content %}\n    \u003ch1\u003eHello!\u003c/h1\u003e\n    {% if not user.is_anonymous %}\n        \u003cp\u003e\n            Your name is {{ user.first_name }} {{ user.last_name }}, username {{ user.username }}, email {{ user.email }}\n        \u003c/p\u003e\n    {% else %}\n        \u003cp\u003e\n            Would you like to \u003ca href=\"/login/openid/?next=/\"\u003elog in\u003c/a\u003e?\n        \u003c/p\u003e\n    {% endif %}\n{% endblock %}\n```\n\n```bash\nnano web_server/web/views.py\n```\n\n```python\nfrom django.views.generic import TemplateView\n\nclass IndexView(TemplateView):\n    template_name = 'index.html'\n```\n\n```bash\nnano web_server/web_server/urls.py\n```\n\n```python\nfrom django.conf.urls import url, include\nfrom django.contrib import admin\nimport web.views\n\nurlpatterns = [\n    url(r'^admin/', admin.site.urls),\n    # Django strips the leading slash before matching, so the index page is r'^$'\n    url(r'^$', web.views.IndexView.as_view()),\n    # python-social-auth routes: /login/openid/ and /complete/openid/\n    url('', include('social_django.urls', namespace='social')),\n]\n```\n\n6. Start the server and go to the index page or ```http://localhost:9000/login/openid/```\n\n```bash\npython web_server/manage.py runserver localhost:9000\n```\n\nSee docs and API at http://django-openid-op.readthedocs.io/en/latest/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmesemus%2Fdjango-openid-op","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmesemus%2Fdjango-openid-op","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmesemus%2Fdjango-openid-op/lists"}