Add working OIDC example

uhepp_org/requirements.txt

 django
 djangorestframework
+mozilla-django-oidc

uhepp_org/uhepp_org/settings.py

@@ -25,22 +25,41 @@ SECRET_KEY = 'o-08ul47ou_j61zd)14(mjw&f&&ow95boa9nky=jn^%tv(+hqk'
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
 
 
 # Application definition
 
+OIDC_RP_CLIENT_ID = 'uhepp-dev'
+OIDC_RP_CLIENT_SECRET = os.environ['OIDC_RP_CLIENT_SECRET']
+
+OIDC_RP_SIGN_ALGO = "RS256"
+OIDC_OP_JWKS_ENDPOINT = "https://auth.cern.ch/auth/realms/cern/protocol/openid-connect/certs"
+
+OIDC_OP_AUTHORIZATION_ENDPOINT = "https://auth.cern.ch/auth/realms/cern/protocol/openid-connect/auth"
+OIDC_OP_TOKEN_ENDPOINT = "https://auth.cern.ch/auth/realms/cern/protocol/openid-connect/token"
+OIDC_OP_USER_ENDPOINT = "https://auth.cern.ch/auth/realms/cern/protocol/openid-connect/userinfo"
+
+LOGIN_REDIRECT_URL = "https://uhepp.org/login/cb"
+LOGOUT_REDIRECT_URL = "https://uhepp.org/"
+
 INSTALLED_APPS = [
-    'rest_framework.authtoken',
     'uhepp_vault',
     'uhepp_api',
     'django.contrib.admin',
     'django.contrib.auth',
+    'mozilla_django_oidc',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'rest_framework',
+    'rest_framework.authtoken',
+]
+
+AUTHENTICATION_BACKENDS = [
+    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
+	'django.contrib.auth.backends.ModelBackend'
 ]
 
 REST_FRAMEWORK = {

uhepp_org/uhepp_org/urls.py

@@ -19,5 +19,6 @@ from django.urls import path, include
 urlpatterns = [
     path('', include('uhepp_vault.urls')),
     path('api/', include('uhepp_api.urls')),
+    path('oidc/', include('mozilla_django_oidc.urls')),
     path('admin/', admin.site.urls),
 ]

uhepp_org/uhepp_vault/templates/registration/login.html

+
+<form method="post">{% csrf_token %}
+{{ form }}
+<button type="submit">Log in</button>
+
+<hr />
+
+<a href="{% url 'oidc_authentication_init' %}">Login via CERN SSO</a>

uhepp_org/uhepp_vault/templates/uhepp_vault/account.html

+{% if user %}
+You are logged in as {{ user.username }}, id: {{ user.id }}.
+{% else %}
+You are not logged in. <a href="{% url 'login' %}">login</a>
+{% endif %}

uhepp_org/uhepp_vault/templates/uhepp_vault/token.html

+<p>You are {{ user.username }}.</p>
+{% if tokens %}
+  <ul>
+  {% for token in tokens %}
+    <li>{{ token.created }}: {{ token.key }}</li>
+  {% endfor %}
+  </ul>
+{% else %}
+    <p>You don't have any tokens.</p>
+{% endif %}

uhepp_org/uhepp_vault/urls.py

 from django.urls import path, include
+from django.contrib.auth import views as auth_views
 
 from . import views
 
@@ -6,6 +7,9 @@ app_name = 'uhepp_vault'
 urlpatterns = [
     path('', views.home, name='home'),
     path('p/', views.PlotIndex.as_view(), name='plot-index'),
+    path('tokens/', views.token_index, name='token-index'),
+    path('accounts/', views.account, name='account'),
+    path('accounts/login/', auth_views.LoginView.as_view()),
     path('p/<str:pk>/', views.PlotDetail.as_view(), name='plot-detail'),
     path('p/<str:uuid>/json', views.plot_detail_json, name='plot-detail-json'),
 ]

uhepp_org/uhepp_vault/views.py

 from django.shortcuts import render
 from django.views import generic
 from django.http import JsonResponse
+from django.urls import reverse
 from django.shortcuts import get_object_or_404
+from django.contrib.auth.decorators import login_required
 
 from .models import Plot
 
@@ -25,4 +27,22 @@ def plot_detail_json(request, uuid):
 def home(request):
     plot_count = Plot.objects.count()
     context = dict(plot_count=plot_count)
-    return  render(request, "uhepp_vault/home.html", context=context)
+    return render(request, "uhepp_vault/home.html", context=context)
+
+@login_required
+def token_index(request):
+    context = {
+        'user': request.user,
+        'tokens': Token.objects.filter(user=request.user)
+    }
+    return render(request, "uhepp_vault/token.html", context=context)
+    
+@login_required
+def account(request):
+    context = {
+        'user': request.user,
+    }
+    return render(request, "uhepp_vault/account.html", context=context)
+    
+
+