This probably belongs as a how_to in a repo, but I copied another page to get this up quickly for Juniper where people need to upgrade from DOP to DOT. |
Step-by-step guide
1. Create a new worker user with staff access in LMS (usually <service>-worker)
Also see this devstack script for creating the service worker.
2. Create 2 different OAuth applications at https://<lms>/admin/oauth2_provider/application/
Also see this devstack script for creating the oauth applications.
user_id
application access scope for the new <service>-sso app here:SOCIAL_AUTH_EDX_OAUTH2_KEY = '<service-sso-key>' SOCIAL_AUTH_EDX_OAUTH2_SECRET = '<service-sso-secret>' SOCIAL_AUTH_EDX_OAUTH2_ISSUER = 'https://<lms_url>' SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = 'https://<lms>' SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL = 'https:<lms>/logout' BACKEND_SERVICE_EDX_OAUTH2_KEY = '<service-backend-service-key>' BACKEND_SERVICE_EDX_OAUTH2_SECRET = '<service-backend-service-secret>' |
Section Name | URL | Description | Actively used |
---|---|---|---|
Django OAuth Toolkit | /oauth2_provider/ | Currently used oauth2 provider | yes |
Oauth_Dispatch | /oauth_dispatch/applicationaccess/ | This is where we give applications access to certain scopes | yes |