Skip to content

Commit 7feb733

Browse files
thenav56thenav56
committed
Add docs for using SSO (local development)
1 parent bd59e21 commit 7feb733

File tree

2 files changed

+67
-0
lines changed

2 files changed

+67
-0
lines changed

README.md

+4
Original file line numberDiff line numberDiff line change
@@ -289,3 +289,7 @@ To update GO countries and districts Mapbox tilesets, run the management command
289289

290290
## Import GEC codes
291291
To import GEC codes along with country ids, run `python manage.py import-gec-code appeal_ingest_match.csv`. The CSV should have the columns `'GST_code', 'GST_name', 'GO ID', 'ISO'`
292+
293+
## SSO setup
294+
295+
For more info checkout [GO-SSO](./docs/go-sso.md)

docs/go-sso.md

+63
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
# Local development
2+
> [!NOTE]
3+
> Using https://github.com/IFRCGo/sdt-api/ as OIDC application
4+
5+
## GO-API: Django config
6+
> [!IMPORTANT]
7+
> `192.168.88.88` is used for local development only
8+
>
9+
> Make sure to replace `192.168.88.88` with your device IP within your local network
10+
>
11+
> This is to make sure your local browser and application (running inside docker) requiring SSO can communitate with go-api using same IP
12+
13+
Update .env with
14+
```
15+
DJANGO_ADDITIONAL_ALLOWED_HOSTS=192.168.88.88
16+
17+
OIDC_ENABLE=true
18+
OIDC_RSA_PRIVATE_KEY_BASE64_ENCODED=YOUR-ENCODED-VALUE
19+
OIDC_RSA_PUBLIC_KEY_BASE64_ENCODED=YOUR-ENCODED-VALUE
20+
```
21+
> [!TIP]
22+
> Generate OIDC RSA keys with 4096 bits using [RSA-KEY-PAIR-GENERATOR](https://it-tools.tech/rsa-key-pair-generator)
23+
>
24+
> Then, encode the keys using [BASE64-STRING-CONVERTER](https://it-tools.tech/base64-string-converter)
25+
26+
> [!IMPORTANT]
27+
> Make sure to run `docker compose up -d serve` to update the container with newly added environment variables
28+
>
29+
> Make sure to run `docker compose run --rm migrate` to run any pending SSO database migrations
30+
31+
## GO-API: Add new local SSO app
32+
Add new "application" from the Django Admin Panel - http://192.168.88.88:8000/en/admin/oauth2_provider/application/
33+
34+
Use the following parameters to create application for SDT:
35+
36+
|Config|Value|
37+
|--|--|
38+
|Redirect uris | http://localhost:8080/accounts/oidc/ifrcgo/login/callback/ |
39+
|Client type | Public |
40+
|Authorization grant type | Authorization code |
41+
|Hash client secret | true |
42+
|Name | SDT Local |
43+
|Algorithm | RSA with SHA-2 256 |
44+
45+
> [!NOTE]
46+
> We are assuming the application is running locally at port 8080
47+
48+
> [!WARNING]
49+
> Copy the **"Client secret:"** before saving the form as it will be hashed after save.
50+
>
51+
> We will also need the client id on the next step.
52+
53+
## SDT: Django config
54+
55+
Add/update the following variables in the `.env` file:
56+
```bash
57+
# OIDC config
58+
OIDC_ADMIN_PANEL_ENABLED=true # Disable this if you can't access admin panel
59+
OIDC_IFRCGO_ENABLED=true
60+
OIDC_IFRCGO_OIDC_ENDPOINT=http://192.168.88.88:8000/o
61+
OIDC_IFRCGO_CLIENT_ID=CLIENT-ID-FROM-GO-API
62+
OIDC_IFRCGO_CLIENT_SECRET=CLIENT-SECRET-FROM-GO-API
63+
```

0 commit comments

Comments
 (0)