Add support for OIDC authentication with Fedora

This adds support for authenticating with Fedora's OpenID Connect (OIDC) provider. Existing users will be matched by email address, they should be able to use the new authentication method transparently. This requires getting a `client_id` and a `client_secret` from Fedora Infra, see `INSTALL.md`. Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-11-15 20:48:02 +00:00 · 2025-04-04 18:19:39 +02:00
parent 56780cba69
commit 99b4fdcbcd
9 changed files with 222 additions and 13 deletions
--- a/config.py
+++ b/config.py
@@ -44,6 +44,7 @@ AUTHENTICATION_BACKENDS = (
    # See INSTALL for more information.
    # 'django_auth_ldap.backend.LDAPBackend',
    "django_openid_auth.auth.OpenIDBackend",
+    "ivatar.ivataraccount.auth.FedoraOpenIdConnect",
    "django.contrib.auth.backends.ModelBackend",
 )

@@ -58,6 +59,10 @@ TEMPLATES[0]["OPTIONS"]["context_processors"].append(

 OPENID_CREATE_USERS = True
 OPENID_UPDATE_DETAILS_FROM_SREG = True
+SOCIAL_AUTH_JSONFIELD_ENABLED = True
+# Fedora authentication (OIDC). You need to set these two values to use it.
+SOCIAL_AUTH_FEDORA_KEY = None  # Also known as client_id
+SOCIAL_AUTH_FEDORA_SECRET = None  # Also known as client_secret

 SITE_NAME = os.environ.get("SITE_NAME", "libravatar")
 IVATAR_VERSION = "1.7.0"