From 37cc9c1bb880781c61f0697d7d414f18b213cdb1 Mon Sep 17 00:00:00 2001
From: sinavir
Date: Mon, 13 Feb 2023 15:26:52 +0100
Subject: [PATCH] init oidc
---
 hackens_orga/hackens_orga/secrets.py | 2 ++
 hackens_orga/hackens_orga/settings.py | 17 +++++++++++++++++
 mozilla-django-oidc.nix | 23 +++++++++++++++++++++++
 shell.nix | 4 +++-
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 hackens_orga/hackens_orga/secrets.py
 create mode 100644 mozilla-django-oidc.nix
diff --git a/hackens_orga/hackens_orga/secrets.py b/hackens_orga/hackens_orga/secrets.py
new file mode 100644
index 0000000..22e82a1
--- /dev/null
+++ b/hackens_orga/hackens_orga/secrets.py
@@ -0,0 +1,2 @@
+OIDC_RP_CLIENT_ID = ""
+OIDC_RP_CLIENT_SECRET = ""
diff --git a/hackens_orga/hackens_orga/settings.py b/hackens_orga/hackens_orga/settings.py
index 8aa1583..389fd40 100644
--- a/hackens_orga/hackens_orga/settings.py
+++ b/hackens_orga/hackens_orga/settings.py
@@ -12,6 +12,20 @@ https://docs.djangoproject.com/en/3.2/ref/settings/
 from pathlib import Path
+from . import secret
+
+# import secrets
+
+OIDC_RP_CLIENT_ID = secret.OIDC_RP_CLIENT_ID
+OIDC_RP_CLIENT_SECRET = secret.OIDC_RP_CLIENT_SECRET
+
+# Mozilla OIDC
+
+OIDC_OP_AUTHORIZATION_ENDPOINT = ""
+OIDC_OP_TOKEN_ENDPOINT = ""
+OIDC_OP_USER_ENDPOINT = ""
+
+
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
@@ -37,6 +51,7 @@ INSTALLED_APPS = [
 "django.contrib.sessions",
 "django.contrib.messages",
 "django.contrib.staticfiles",
+ "mozilla_django_oidc",
 "rest_framework",
 # "django_extensions",
 "budget",
@@ -116,6 +131,8 @@ AUTH_PASSWORD_VALIDATORS = [
 },
 ]
+# Auth backends
+AUTHENTICATION_BACKENDS = ("mozilla_django_oidc.auth.OIDCAuthenticationBackend",)
 # Internationalization
 # https://docs.djangoproject.com/en/3.2/topics/i18n/
diff --git a/mozilla-django-oidc.nix b/mozilla-django-oidc.nix
new file mode 100644
index 0000000..3fa11f7
--- /dev/null
+++ b/mozilla-django-oidc.nix
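Review bot: The new `hackens_orga/secrets.py` is a tracked file whose only purpose is to hold the OIDC client secret, so the first deployment that fills in `OIDC_RP_CLIENT_SECRET` is one `git add` away from publishing it. Track a template under a different name (for example a `secrets.py.example`, name constructed here) and ignore the real file, or read the value from the environment with `OIDC_RP_CLIENT_SECRET = os.environ["OIDC_RP_CLIENT_SECRET"]`. The empty-string defaults also let the application start with no credentials at all; a comment such as `# must be set per deployment; never commit real values` would at least make the contract explicit.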
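Review bot: `from . import secret` in the first settings.py hunk names a module this patch does not add, since the new file is `hackens_orga/secrets.py`. Unless a `secret.py` exists outside this diff, loading the settings raises ImportError; `from . import secrets as secret` or renaming the file would fix it. The three `OIDC_OP_*` endpoints are empty strings with no hint of their source, so a comment like `# values come from the provider's /.well-known/openid-configuration` would help whoever fills them in. mozilla-django-oidc verifies ID tokens with HS256 by default, so a provider that signs with RS256 also needs `OIDC_RP_SIGN_ALGO = "RS256"` and `OIDC_OP_JWKS_ENDPOINT` set here.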
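Review bot: In the third settings.py hunk, assigning `AUTHENTICATION_BACKENDS` to the OIDC backend alone drops Django's default `ModelBackend`, so password logins (including the admin's) stop working as soon as this is deployed. With the endpoints still blank, nobody can sign in at all. If that is intended, say so in the comment, e.g. `# Auth backends: OIDC only, local password login deliberately disabled`; otherwise keep `"django.contrib.auth.backends.ModelBackend"` in the tuple as a fallback. The stock backend also creates a local user for every identity the provider authenticates (`OIDC_CREATE_USER` defaults to true), so decide before go-live whether to disable that or subclass the backend and restrict access in `verify_claims`.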
@@ -0,0 +1,23 @@
+{ lib, buildPythonPackage, fetchFromGitHub, django, josepy, requests, cryptography }:
+buildPythonPackage {
+ pname = "mozilla-django-oidc";
+ version = "3.0.0";
+ src = fetchFromGitHub {
+ owner = "mozilla";
+ repo = "mozilla-django-oidc";
+ rev = "71e4af8283a10aa51234de705d34cd298e927f97";
+ hash = "sha256-bAuL6JDLU7oigEgdIrGHhO8ZnD0g0ulQ1IoY79HDnNo=";
+ };
+ propagatedBuildInputs = [
+ django
+ josepy
+ requests
+ cryptography
+ ];
+ doCheck = false;
+ meta = with lib; {
+ description = "A lightweight authentication and access management library for integration with OpenID Connect enabled authentication services.";
+ homepage = "https://mozilla-django-oidc.readthedocs.io";
+ license = licenses.mpl20;
+ };
+}
diff --git a/shell.nix b/shell.nix
index 180c3b4..dd2d91d 100644
--- a/shell.nix
+++ b/shell.nix
@@ -2,7 +2,8 @@
 let
 python = pkgs.python310.override {
 packageOverrides = self: super: {
- django = super.django_4;
+ django = self.django_4;
+ mozilla-django-oidc = self.callPackage ./mozilla-django-oidc.nix {};
 };
 };
 in
@@ -15,6 +16,7 @@ pkgs.mkShell {
 ps.djangorestframework
 # (ps.django-extensions.override { inherit django; })
 # ps.django-compressor
+ ps.mozilla-django-oidc
 ]))
 ];
 }
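Review bot: `doCheck = false;` in mozilla-django-oidc.nix turns off the test phase for the authentication library without giving a reason or a substitute, so a broken build would only show up at runtime. Add a comment explaining why the tests are skipped and a cheap smoke check such as `pythonImportsCheck = [ "mozilla_django_oidc" ];`. The source is pinned by commit and hash, which is good, but nothing visible ties `rev` to `version = "3.0.0"`. A comment like `# commit of the 3.0.0 release tag` (if that is what it is) would let a reviewer verify the pin against upstream.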