# Tahoe Identity Provider [](https://github.com/appsembler/tahoe-idp/actions/workflows/tests.yml) 
A package of IdP user authentication modules designed to work in Open edX.
## README NEEDS UPDATE
The readme is obsolete because this package is now using FusionAuth instead of Auth0.
## 0. Prerequisites
To be able to use this library, you need to have the following
- An Auth0 [Tenant](https://auth0.com/docs/get-started/create-tenants).
- An Auth0 [API](https://auth0.com/docs/get-started/set-up-apis)
- An Auth0 [Machine to Machine](https://auth0.com/docs/get-started/create-apps/machine-to-machine-apps) application.
- At least one organization.
- One custom connection.
### 0.1. Configuring the API
We need to register an API to perform user registration and to communicate with
Auth0 organizations.
Your API must have the following permissions:
- `read:users`
- `update:users`
- `delete:users`
- `create:users`
- `read:user_idp_tokens`
- `read:organizations`
- `create:organization_invitations`
### 0.2. Configuring the Machine to Machine application
We need to integrate Auth0 with a machine-to-machine (M2M) application. This library
will use this Machine to Machine application to be able to communicate with
the API we configured above for two purposes:
- Registering users.
- Reading organizations and hook them with edx-platform.
This application doesn't require extra configuration.
> **NOTE**
>
> The Client ID and Secret of this application are going to be added to
> `TAHOE_IDP_CONFIGS` settings.
### 0.3. Hooking the Machine to Machine application with the API
Go to the settings page of your API. Click **Machine to Machine Applications** tab and:
- Authorize your Machine to Machine application created in the previous step to use the API.
- Allow this Machine to Machine application to use all the permission specified above from this API.
### 0.4. Create Regular Web Application
This application is the primary application our edX platoform is going to use
to authenticate users.
- For the **Allowed Callback URLs** use something similar to this [http://*.devstack.site:18000/auth/complete/tahoe-idp/]() or configure yours.
- For the **Allowed Logout URLs** use something similar to this [http://localhost:18000/]() or configure yours.
> **NOTE**
>
> The Client ID and Secret of this application are going to be used in the
> edx-platform Admin settings.
### 0.5. Configure the Organization
Each organization is going to be mapped to a single edx-platform organization.
- The Auth0 organization ID (Similar to `org_1Ab2Cd3`) should be saved into `admin` config in Site Configuration.
- Save the organization ID to create a connection later.
### 0.6. Configure the Connection
Go to your tenant's _Authentication > Database_ section, and create a custom
connection for your organization.
- Connection name must be `con-{org_id}` (For example `con-1Ab2Cd3`).
- Save the connection ID in `IDP_CONNECTION_ID` the `admin` config in Site Configuration.
- Set `Requires Username` to true and its maximum length to 30 to match current edX setup.
- In the Applications tab of your connection; Allow your `Regular Web Application` and `Machine to Machine`.
- Go back to the settings page of the organization you just created, click `Connection`, then:
- Enable the connection you created above.
- Make sure to "Enable Auto-Membership"
You should be all set now.
## 1. Install
### 1.1. Production
To use this library in production, add the following to you Ansible deployment:
```yaml
EDXAPP_EXTRA_REQUIREMENTS:
- name: 'git+https://github.com/appsembler/tahoe-idp.git#egg=tahoe-idp'
```
### 1.2. Devstack
We can achieve this using two ways. Both of these methods work in Sultan and
normal Docker setup:
#### 1.2.1. A quick setup (not persistent).
```shell
cd /path/to/devstack
make lms-shell
pip install git+https://github.com/appsembler/tahoe-idp
```
#### 1.2.2. Sultan
In your sultan in configurations file (`configs/.configs.<username>`), append
the repo path to `EDXAPP_EXTRA_REQUIREMENTS`:
```shell
EDXAPP_EXTRA_REQUIREMENTS="...,https://github.com/appsembler/tahoe-idp.git,..."
```
Then on your host machine run the following command:
```shell
sultan instance reconfigure
```
> **NOTE**
>
> Using this method requires you to manually install `python-jose==3.2.0` in LMS shell
> ```
> $ make lms-shell
> $ pip install python-jose==3.2.0 # version 3.3.0 won't work on python 3.5
> ```
## 2. Configure the edX app
This package is following edx-platform plugin architecture. Check [plugins#0b4072b](https://github.com/edx/edx-django-utils/tree/0b4072bea3c4610d654a670b3047a7391deaa69f/edx_django_utils/plugins) documentation for more info on plugins.
In your `edxapp-envs/lms.yml`:
```yaml
EDXAPP_EXTRA_REQUIREMENTS:
- name: "tahoe-idp"
FEATURES:
...
ENABLE_TAHOE_IDP: true
...
THIRD_PARTY_AUTH_BACKENDS: [
"tahoe_idp.backend.TahoeIdpOAuth2"
]
TAHOE_IDP_CONFIGS:
DOMAIN: <domain>
API_CLIENT_ID: <client id>
API_CLIENT_SECRET: <client secret>
...
```
#### Settings Description
- `THIRD_PARTY_AUTH_BACKENDS`: Tell Django to use this backend when attempting to authenticate a user.
- `FEATURES`: edX platform features settings
- `ENABLE_TAHOE_IDP`: A switch to enable/disable this plugin. We will use this value if and only if `ENABLE_TAHOE_IDP` is not defined in Site Configurations.
- `TAHOE_IDP_CONFIGS` A parent node of Auth0 settings. If not configured while the plugin is enabled, we will raise an error.
- `DOMAIN`: Your Auth0 Domain assigned to you when creating the tenant, or your configured [Custom Domain](https://auth0.com/docs/brand-and-customize/custom-domains).
- `API_CLIENT_ID`: The client ID of your Auth0 _Machine to Machine_ app. Fetched from `Auth0 Site > Applications > Applications > Your Machine to Machine App > Client ID`
- `API_CLIENT_SECRET`: The client Secret of your Auth0 _Machine to Machine_ app. Fetched from `Auth0 Site > Applications > Applications > Your Machine to Machine App > Client Secret`
Now run `make dev.up`, or `sultan devstack up` if you're using Sultan.
> **NOTE**
>
> You might need to restart your devstack at this point using `make lms-restart`
## 3. Admin Panel Configurations
At this stage, you were able to hook the library with Open edX, to finalize
the setup, you need to add some additional configurations in your LMS admin
panel.
- In your browser, head to [http://localhost:18000/admin]()
- Go to [THIRD-PARTY AUTHENTICATION > Provider Configuration (OAuth)](http://localhost:18000/admin/third_party_auth/oauth2providerconfig/).
- Click **Add Provider Configuration**.
- Check `Enabled`.
- For the `Name` field, we're going to call it `Auth0`.
- Check `Skip registration form` (This library will handle this).
- Check `Skip email verification` (Auth0 will handle this).
- Check `Visible`.
- Choose `tahoe-idp` in the `Backend Name` field.
- Insert your Auth0 _Regular Web Application_'s `Client ID` and `Client Secret`.
- In `Other Settings`, insert the following:
```json
{"SCOPE": ["openid profile email"]}
```
> **NOTE**
>
> Using these scopes will make sure edX Platform can read the user's email
> and profile from Auth0.
## 4. Auth0's Django tutorial
The implementation in this project was based on the Auth0's Django tutorial here:
[https://auth0.com/docs/quickstart/webapp/django/01-login#configure-auth0](https://auth0.com/docs/quickstart/webapp/django/01-login#configure-auth0)
Raw data
{
"_id": null,
"home_page": "https://github.com/appsembler/tahoe-idp",
"name": "tahoe-idp",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.5",
"maintainer_email": "",
"keywords": "",
"author": "Appsembler",
"author_email": "ops@appsembler.com",
"download_url": "https://files.pythonhosted.org/packages/51/5d/959eed820444b9deb03825f337afc702e84cde6fb7d79aca1714bc27190f/tahoe-idp-2.6.0.tar.gz",
"platform": null,
"description": "# Tahoe Identity Provider [](https://github.com/appsembler/tahoe-idp/actions/workflows/tests.yml) \n\nA package of IdP user authentication modules designed to work in Open edX.\n\n\n## README NEEDS UPDATE\nThe readme is obsolete because this package is now using FusionAuth instead of Auth0.\n\n\n## 0. Prerequisites\nTo be able to use this library, you need to have the following\n- An Auth0 [Tenant](https://auth0.com/docs/get-started/create-tenants).\n- An Auth0 [API](https://auth0.com/docs/get-started/set-up-apis)\n- An Auth0 [Machine to Machine](https://auth0.com/docs/get-started/create-apps/machine-to-machine-apps) application.\n- At least one organization.\n- One custom connection.\n\n### 0.1. Configuring the API\nWe need to register an API to perform user registration and to communicate with\nAuth0 organizations.\n\nYour API must have the following permissions:\n - `read:users`\n - `update:users`\n - `delete:users`\n - `create:users`\n - `read:user_idp_tokens`\n - `read:organizations`\n - `create:organization_invitations`\n\n### 0.2. Configuring the Machine to Machine application\nWe need to integrate Auth0 with a machine-to-machine (M2M) application. This library\nwill use this Machine to Machine application to be able to communicate with\nthe API we configured above for two purposes:\n - Registering users.\n - Reading organizations and hook them with edx-platform.\n\nThis application doesn't require extra configuration.\n\n> **NOTE**\n>\n> The Client ID and Secret of this application are going to be added to\n> `TAHOE_IDP_CONFIGS` settings.\n\n### 0.3. Hooking the Machine to Machine application with the API\nGo to the settings page of your API. Click **Machine to Machine Applications** tab and:\n - Authorize your Machine to Machine application created in the previous step to use the API.\n - Allow this Machine to Machine application to use all the permission specified above from this API.\n\n### 0.4. Create Regular Web Application\nThis application is the primary application our edX platoform is going to use\nto authenticate users.\n\n- For the **Allowed Callback URLs** use something similar to this [http://*.devstack.site:18000/auth/complete/tahoe-idp/]() or configure yours.\n- For the **Allowed Logout URLs** use something similar to this [http://localhost:18000/]() or configure yours.\n\n> **NOTE**\n>\n> The Client ID and Secret of this application are going to be used in the\n> edx-platform Admin settings.\n\n### 0.5. Configure the Organization\nEach organization is going to be mapped to a single edx-platform organization.\n- The Auth0 organization ID (Similar to `org_1Ab2Cd3`) should be saved into `admin` config in Site Configuration. \n- Save the organization ID to create a connection later.\n\n### 0.6. Configure the Connection\nGo to your tenant's _Authentication > Database_ section, and create a custom\nconnection for your organization.\n- Connection name must be `con-{org_id}` (For example `con-1Ab2Cd3`).\n- Save the connection ID in `IDP_CONNECTION_ID` the `admin` config in Site Configuration.\n- Set `Requires Username` to true and its maximum length to 30 to match current edX setup.\n- In the Applications tab of your connection; Allow your `Regular Web Application` and `Machine to Machine`.\n- Go back to the settings page of the organization you just created, click `Connection`, then:\n - Enable the connection you created above.\n - Make sure to \"Enable Auto-Membership\"\n\nYou should be all set now.\n\n## 1. Install\n\n### 1.1. Production\nTo use this library in production, add the following to you Ansible deployment:\n```yaml\nEDXAPP_EXTRA_REQUIREMENTS:\n - name: 'git+https://github.com/appsembler/tahoe-idp.git#egg=tahoe-idp'\n```\n\n### 1.2. Devstack\n\nWe can achieve this using two ways. Both of these methods work in Sultan and\nnormal Docker setup:\n\n#### 1.2.1. A quick setup (not persistent).\n```shell\ncd /path/to/devstack\nmake lms-shell\npip install git+https://github.com/appsembler/tahoe-idp\n```\n#### 1.2.2. Sultan\nIn your sultan in configurations file (`configs/.configs.<username>`), append\nthe repo path to `EDXAPP_EXTRA_REQUIREMENTS`:\n\n```shell\nEDXAPP_EXTRA_REQUIREMENTS=\"...,https://github.com/appsembler/tahoe-idp.git,...\"\n```\n\nThen on your host machine run the following command:\n```shell\nsultan instance reconfigure\n```\n\n> **NOTE**\n>\n> Using this method requires you to manually install `python-jose==3.2.0` in LMS shell\n> ```\n> $ make lms-shell\n> $ pip install python-jose==3.2.0 # version 3.3.0 won't work on python 3.5\n> ```\n\n## 2. Configure the edX app\nThis package is following edx-platform plugin architecture. Check [plugins#0b4072b](https://github.com/edx/edx-django-utils/tree/0b4072bea3c4610d654a670b3047a7391deaa69f/edx_django_utils/plugins) documentation for more info on plugins.\n\nIn your `edxapp-envs/lms.yml`:\n\n```yaml\nEDXAPP_EXTRA_REQUIREMENTS:\n - name: \"tahoe-idp\"\n\nFEATURES:\n ...\n ENABLE_TAHOE_IDP: true\n ...\n\nTHIRD_PARTY_AUTH_BACKENDS: [\n \"tahoe_idp.backend.TahoeIdpOAuth2\"\n]\n\nTAHOE_IDP_CONFIGS:\n DOMAIN: <domain>\n API_CLIENT_ID: <client id>\n API_CLIENT_SECRET: <client secret>\n...\n```\n\n#### Settings Description\n- `THIRD_PARTY_AUTH_BACKENDS`: Tell Django to use this backend when attempting to authenticate a user.\n- `FEATURES`: edX platform features settings\n - `ENABLE_TAHOE_IDP`: A switch to enable/disable this plugin. We will use this value if and only if `ENABLE_TAHOE_IDP` is not defined in Site Configurations.\n- `TAHOE_IDP_CONFIGS` A parent node of Auth0 settings. If not configured while the plugin is enabled, we will raise an error.\n - `DOMAIN`: Your Auth0 Domain assigned to you when creating the tenant, or your configured [Custom Domain](https://auth0.com/docs/brand-and-customize/custom-domains).\n - `API_CLIENT_ID`: The client ID of your Auth0 _Machine to Machine_ app. Fetched from `Auth0 Site > Applications > Applications > Your Machine to Machine App > Client ID`\n - `API_CLIENT_SECRET`: The client Secret of your Auth0 _Machine to Machine_ app. Fetched from `Auth0 Site > Applications > Applications > Your Machine to Machine App > Client Secret`\n\nNow run `make dev.up`, or `sultan devstack up` if you're using Sultan.\n\n> **NOTE**\n>\n> You might need to restart your devstack at this point using `make lms-restart`\n\n## 3. Admin Panel Configurations\nAt this stage, you were able to hook the library with Open edX, to finalize\nthe setup, you need to add some additional configurations in your LMS admin\npanel.\n\n- In your browser, head to [http://localhost:18000/admin]()\n- Go to [THIRD-PARTY AUTHENTICATION > Provider Configuration (OAuth)](http://localhost:18000/admin/third_party_auth/oauth2providerconfig/).\n- Click **Add Provider Configuration**.\n - Check `Enabled`.\n - For the `Name` field, we're going to call it `Auth0`.\n - Check `Skip registration form` (This library will handle this).\n - Check `Skip email verification` (Auth0 will handle this).\n - Check `Visible`.\n - Choose `tahoe-idp` in the `Backend Name` field.\n - Insert your Auth0 _Regular Web Application_'s `Client ID` and `Client Secret`.\n - In `Other Settings`, insert the following:\n ```json\n {\"SCOPE\": [\"openid profile email\"]}\n ```\n\n> **NOTE**\n>\n> Using these scopes will make sure edX Platform can read the user's email\n> and profile from Auth0.\n\n\n## 4. Auth0's Django tutorial\nThe implementation in this project was based on the Auth0's Django tutorial here:\n[https://auth0.com/docs/quickstart/webapp/django/01-login#configure-auth0](https://auth0.com/docs/quickstart/webapp/django/01-login#configure-auth0)\n",
"bugtrack_url": null,
"license": "",
"summary": "Tahoe IdP user authentication package for Tahoe.",
"version": "2.6.0",
"project_urls": {
"Bug Tracker": "https://github.com/appsembler/tahoe-idp/issues",
"Homepage": "https://github.com/appsembler/tahoe-idp"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "cf46b2bb6a8cae828fa547d293b11efac3f6d014793096bd175cb84660fe7c0f",
"md5": "7391c62b835c5ec06974ac99fba8e29f",
"sha256": "8808f898a268ff028109b07d2bdb86700ea00d192b944282874a8a1d14a4d829"
},
"downloads": -1,
"filename": "tahoe_idp-2.6.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7391c62b835c5ec06974ac99fba8e29f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.5",
"size": 21778,
"upload_time": "2023-08-23T23:05:20",
"upload_time_iso_8601": "2023-08-23T23:05:20.268696Z",
"url": "https://files.pythonhosted.org/packages/cf/46/b2bb6a8cae828fa547d293b11efac3f6d014793096bd175cb84660fe7c0f/tahoe_idp-2.6.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "515d959eed820444b9deb03825f337afc702e84cde6fb7d79aca1714bc27190f",
"md5": "656c2a14a8f5b1ab9866eff677ac6a65",
"sha256": "0ac7c8b67642cf4f51cb3971f1af6ce767068b7e6aab61e68d38c46a13dd187d"
},
"downloads": -1,
"filename": "tahoe-idp-2.6.0.tar.gz",
"has_sig": false,
"md5_digest": "656c2a14a8f5b1ab9866eff677ac6a65",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.5",
"size": 19630,
"upload_time": "2023-08-23T23:05:21",
"upload_time_iso_8601": "2023-08-23T23:05:21.840978Z",
"url": "https://files.pythonhosted.org/packages/51/5d/959eed820444b9deb03825f337afc702e84cde6fb7d79aca1714bc27190f/tahoe-idp-2.6.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-23 23:05:21",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "appsembler",
"github_project": "tahoe-idp",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"tox": true,
"lcname": "tahoe-idp"
}
JSON
