

This probably belongs as a how_to in a repo, but I copied another page to get this up quickly for Juniper where people need to upgrade from DOP to DOT.


Step-by-step guide

1. Create a new worker user with staff access in LMS (usually <service>-worker)

Also see this devstack script for creating the service worker.

2. Create 2 different OAuth applications at https://<lms>/admin/oauth2_provider/application/

   1. Client_id: <autogenerated>
      User: select <service> worker that you created with app-permissions
      Redirect Uris: <blank>
      Client type: Confidential
      Authorization grant type: Client credentials
      Client secret: <autogenerated> (not sure if autogenerated is secure enough for prod)
      Name: <service>-backend-service

   2. Client_id: <autogenerated>
      User: select <service> worker that you created with app-permissions
      Redirect Uris: https://<service_url>/complete/edx-oauth2/
      Client type: Confidential
      Authorization grant type: Authorization code
      Client secret: <autogenerated> (not sure if autogenerated is secure enough for prod)
      Name: <service>-sso
      Skip Authorization: checked

Also see this devstack script for creating the oauth applications.

3. Add a user_id application access scope for the new <service>-sso app here:
   https://courses-internal.edx.org/admin/oauth_dispatch/applicationaccess
   Note: This is handled by the management command in the devstack script and is only needed if doing this manually.

4. Set the following keys in the configuration settings of your service:

   SOCIAL_AUTH_EDX_OAUTH2_KEY = '<service-sso-key>'
   SOCIAL_AUTH_EDX_OAUTH2_SECRET = '<service-sso-secret>'
   SOCIAL_AUTH_EDX_OAUTH2_ISSUER = 'https://<lms_url>'
   SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = 'https://<lms>'
   SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL = 'https://<lms>/logout'
   BACKEND_SERVICE_EDX_OAUTH2_KEY = '<service-backend-service-key>'
   BACKEND_SERVICE_EDX_OAUTH2_SECRET = '<service-backend-service-secret>'
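
A pre-deployment check for the settings listed in the step above, as an added example that is not part of the original page or of edX's code: it flags template placeholders left in place, URLs that are not absolute https URLs (such as a scheme written without `//`), and SSO and backend-service credentials that were set to the same value. The `check_oauth_settings` function, the `MIN_SECRET_LEN` floor and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Setting names are the ones listed on this page; everything else is illustrative.
URL_KEYS = ("SOCIAL_AUTH_EDX_OAUTH2_ISSUER", "SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT",
            "SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL")
CLIENTS = (
    ("SOCIAL_AUTH_EDX_OAUTH2_KEY", "SOCIAL_AUTH_EDX_OAUTH2_SECRET"),
    ("BACKEND_SERVICE_EDX_OAUTH2_KEY", "BACKEND_SERVICE_EDX_OAUTH2_SECRET"),
)
MIN_SECRET_LEN = 32  # assumption: a local policy floor, not an edX requirement


def check_oauth_settings(cfg):
    """Return a list of problems found in a dict of the service's settings."""
    problems = []
    for key in URL_KEYS:
        value = cfg.get(key, "")
        parts = urlsplit(value)
        # 'https:host/logout' (no '//') parses with an empty netloc and is caught here.
        if parts.scheme != "https" or not parts.netloc or "<" in value:
            problems.append(f"{key}: not an absolute https URL: {value!r}")
    for id_key, secret_key in CLIENTS:
        for key in (id_key, secret_key):
            value = cfg.get(key, "")
            if not value or "<" in value:
                problems.append(f"{key}: missing or still a template placeholder")
        secret = cfg.get(secret_key, "")
        if secret and "<" not in secret and len(secret) < MIN_SECRET_LEN:
            problems.append(f"{secret_key}: shorter than {MIN_SECRET_LEN} characters")
    # The page creates two separate applications, so ids and secrets must differ.
    for idx, label in ((0, "client ids"), (1, "client secrets")):
        sso, backend = (cfg.get(pair[idx]) for pair in CLIENTS)
        if sso and sso == backend:
            problems.append(f"SSO and backend-service {label} are identical")
    return problems


# Constructed sample values; lms.example.com is a placeholder host.
GOOD = {
    "SOCIAL_AUTH_EDX_OAUTH2_KEY": "constructed-sso-client-id",
    "SOCIAL_AUTH_EDX_OAUTH2_SECRET": "constructed-sso-secret-" + "a" * 24,
    "SOCIAL_AUTH_EDX_OAUTH2_ISSUER": "https://lms.example.com",
    "SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT": "https://lms.example.com",
    "SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL": "https://lms.example.com/logout",
    "BACKEND_SERVICE_EDX_OAUTH2_KEY": "constructed-backend-client-id",
    "BACKEND_SERVICE_EDX_OAUTH2_SECRET": "constructed-backend-secret-" + "b" * 24,
}
```

Calling `check_oauth_settings(GOOD)` returns an empty list; any returned string names the setting that needs attention.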

Explanation of all the oauth admin pages


| Section Name | URL | Description | Actively used |
| --- | --- | --- | --- |
| Django OAuth Toolkit | /oauth2_provider/ | Currently used oauth2 provider | yes |
| Oauth_Dispatch | /oauth_dispatch/applicationaccess/ | This is where we give applications access to certain scopes | yes |