How to setup Dataporten (Feide etc.) login

Settings

Make sure your AUTHENTICATION_BACKENDS setting includes "allauth.account.auth_backends.AuthenticationBackend".

Example:

INSTALLED_APPS += [
    'devilry.devilry_dataporten_allauth',
]

AUTHENTICATION_BACKENDS = [
    'allauth.account.auth_backends.AuthenticationBackend',
]

You can have more authentication backends than just the _allauth_ backend, but if you only have the allauth backend, login will redirect directly to dataporten for login instead of asking users how they wish to sign in.

Setup the dataporten application

Go to https://dashboard.dataporten.no/, and create a new application. You probably want to create the application within an organization instead of a personal app, but for local testing, a personal app should work.

In the create new application popup

• Name: Whatever you want (Typically: “Devilry”, “My Devilry test”, etc.)

• OAuth 2.0 Redirect URL: https://<devilry domain>/authenticate/allauth/dataporten/login/callback/. E.g.: https://devilry.example.com/authenticate/allauth/dataporten/login/callback/. For localhost development, you can use localhost:8000 as the <devilry domain>, and http instead of https.

Within the application dashboard

Permissions

Devilry requires that you include the following scopes:

• Profilinfo

• Bruker-ID

• E-post

• Feide-navn

Auth providers

You will most likely want to deselect: Accept all social networks, Feide gjestebrukere and Feide testbrukere. For testing purposes, Feide testbrukere may be useful, but not for production.

You will most likely want to deselect Åpne for alle i utdanningsektoren, and just select the relevant schools.

Add required data to the database

Setup your primary domain with:

$ python manage.py devilry_setup_primary_domain <your domain here>
$ ... E.g.:
$ python manage.py devilry_setup_primary_domain devilry.example.com

Setup dataporten credentials:

$ python manage.py devilry_setup_dataporten_provider <OAuth Client credentials>
$ ... E.g.:
$ python manage.py devilry_setup_dataporten_provider xxx-xxx-xxx-xxx-xxxxx

Note

You find the credentials for your app via https://dashboard.dataporten.no (in the OAuth credentials section).

Use username instead of feide ID

By default, we use the userid_sec field from Dataporten as the “shortname” for users. This field is not very pretty, but it is unique. This means that the shortname which is used some places in the UI, looks something like this: feide:myuser@uio.no.

You can change this to just myuser (the username part) for a single userid_sec suffix with the DEVILRY_FEIDE_USERID_SEC_TO_USERNAME_SUFFIX setting. For example:

DEVILRY_FEIDE_USERID_SEC_TO_USERNAME_SUFFIX = 'uio.no'

If you forget this, and set it later, the shortname of users will be updated the next time they login.