How to setup Dataporten (Feide etc.) login¶
Settings¶
Make sure your AUTHENTICATION_BACKENDS
setting includes
"allauth.account.auth_backends.AuthenticationBackend"
.
Example:
INSTALLED_APPS += [
'devilry.devilry_dataporten_allauth',
]
AUTHENTICATION_BACKENDS = [
'allauth.account.auth_backends.AuthenticationBackend',
]
You can have more authentication backends than just the _allauth_ backend, but if you only have the allauth backend, login will redirect directly to dataporten for login instead of asking users how they wish to sign in.
Setup the dataporten application¶
Go to https://dashboard.dataporten.no/, and create a new application. You probably want to create the application within an organization instead of a personal app, but for local testing, a personal app should work.
In the create new application popup¶
Name: Whatever you want (Typically: “Devilry”, “My Devilry test”, etc.)
OAuth 2.0 Redirect URL:
https://<devilry domain>/authenticate/allauth/dataporten/login/callback/
. E.g.: https://devilry.example.com/authenticate/allauth/dataporten/login/callback/. For localhost development, you can uselocalhost:8000
as the<devilry domain>
, and http instead of https.
Within the application dashboard¶
Permissions¶
Devilry requires that you include the following scopes:
Profilinfo
Bruker-ID
E-post
Feide-navn
Auth providers¶
You will most likely want to deselect: Accept all social networks, Feide gjestebrukere and Feide testbrukere. For testing purposes, Feide testbrukere may be useful, but not for production.
You will most likely want to deselect Åpne for alle i utdanningsektoren, and just select the relevant schools.
Add required data to the database¶
Setup your primary domain with:
$ python manage.py devilry_setup_primary_domain <your domain here>
$ ... E.g.:
$ python manage.py devilry_setup_primary_domain devilry.example.com
Setup dataporten credentials:
$ python manage.py devilry_setup_dataporten_provider <OAuth Client credentials>
$ ... E.g.:
$ python manage.py devilry_setup_dataporten_provider xxx-xxx-xxx-xxx-xxxxx
Note
You find the credentials for your app via https://dashboard.dataporten.no (in the OAuth credentials section).
Use username instead of feide ID¶
By default, we use the userid_sec
field from Dataporten as the
“shortname” for users. This field is not very pretty, but it is unique.
This means that the shortname which is used some places in the UI, looks
something like this: feide:myuser@uio.no
.
You can change this to just myuser
(the username part) for a single
userid_sec
suffix with the DEVILRY_FEIDE_USERID_SEC_TO_USERNAME_SUFFIX
setting. For example:
DEVILRY_FEIDE_USERID_SEC_TO_USERNAME_SUFFIX = 'uio.no'
If you forget this, and set it later, the shortname of users will be updated the next time they login.