Setup OAuth Client for Internal Services (Django Oauth Toolkit version)
This probably belongs as a how_to in a repo, but I copied another page to get this up quickly for Juniper where people need to upgrade from DOP to DOT.
Step-by-step guide
1. Create a new worker user with staff access in LMS (usually <service>-worker)
- If you are migrating from DOP to DOT, you probably already have this service worker.
- Also see this devstack script for creating the service worker.
2. Create 2 different OAuth applications at https://<lms>/admin/oauth2_provider/application/
- Client_id: <autogenerated>
  User: select <service> worker that you created with app-permissions
  Redirect Uris: <blank>
  Client type: Confidential
  Authorization grant type: Client credentials
  Client secret: <autogenerated> (not sure if autogenerated is secure enough for prod)
  Name: <service>-backend-service
- Client_id: <autogenerated>
  User: select <service> worker that you created with app-permissions
  Redirect Uris: https://<service_url>/complete/edx-oauth2/
  Client type: Confidential
  Authorization grant type: Authorization code
  Client secret: <autogenerated> (not sure if autogenerated is secure enough for prod)
  Name: <service>-sso
  Skip Authorization: checked
- Also see this devstack script for creating the oauth applications.
3. Add a user_id application access scope for the new <service>-sso app here: https://courses-internal.edx.org/admin/oauth_dispatch/applicationaccess
- Note: This is handled by the management command in the devstack script and is only needed if doing this manually.
4. Set the following keys in the configuration settings of your service:

```python
# Credentials of the <service>-sso application (authorization code grant)
SOCIAL_AUTH_EDX_OAUTH2_KEY = '<service-sso-key>'
SOCIAL_AUTH_EDX_OAUTH2_SECRET = '<service-sso-secret>'
SOCIAL_AUTH_EDX_OAUTH2_ISSUER = 'https://<lms_url>'
SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = 'https://<lms>'
SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL = 'https://<lms>/logout'
# Credentials of the <service>-backend-service application (client credentials grant)
BACKEND_SERVICE_EDX_OAUTH2_KEY = '<service-backend-service-key>'
BACKEND_SERVICE_EDX_OAUTH2_SECRET = '<service-backend-service-secret>'
```
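A pre-deploy check for the settings keys listed above, added here as an example (it is not part of the original guide or of edX code). It flags leftover `<...>` placeholders, URLs that are not absolute `https://` URLs (for example a missing `//`), and SSO and backend-service credentials that are identical even though step 2 creates two separate applications. The function name, the checks and the sample values are assumptions of this example.

```python
from urllib.parse import urlsplit

# Setting names come from the guide; the checks are this example's assumptions.
URL_KEYS = ("SOCIAL_AUTH_EDX_OAUTH2_ISSUER", "SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT",
            "SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL")
SSO_PAIR = ("SOCIAL_AUTH_EDX_OAUTH2_KEY", "SOCIAL_AUTH_EDX_OAUTH2_SECRET")
BACKEND_PAIR = ("BACKEND_SERVICE_EDX_OAUTH2_KEY", "BACKEND_SERVICE_EDX_OAUTH2_SECRET")


def check_oauth_settings(cfg):
    """Return a list of problems in a production settings dict (empty = OK)."""
    problems = []
    for key in URL_KEYS + SSO_PAIR + BACKEND_PAIR:
        value = cfg.get(key) or ""
        if not value:
            problems.append(f"{key}: missing or empty")
        elif "<" in value or ">" in value:
            problems.append(f"{key}: template placeholder left in value")
    for key in URL_KEYS:
        value = cfg.get(key) or ""
        parts = urlsplit(value)
        # 'https:host/path' parses with an https scheme but no hostname.
        if value and (parts.scheme != "https" or not parts.hostname):
            problems.append(f"{key}: not an absolute https:// URL")
    # Step 2 creates two separate applications, so their credentials must differ.
    for sso_key, backend_key in zip(SSO_PAIR, BACKEND_PAIR):
        if cfg.get(sso_key) and cfg.get(sso_key) == cfg.get(backend_key):
            problems.append(f"{backend_key}: same value as {sso_key}")
    return problems


# Constructed sample values, not real credentials or hosts.
GOOD = {
    "SOCIAL_AUTH_EDX_OAUTH2_KEY": "constructed-sso-key",
    "SOCIAL_AUTH_EDX_OAUTH2_SECRET": "constructed-sso-secret",
    "SOCIAL_AUTH_EDX_OAUTH2_ISSUER": "https://lms.example.com",
    "SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT": "https://lms.example.com",
    "SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL": "https://lms.example.com/logout",
    "BACKEND_SERVICE_EDX_OAUTH2_KEY": "constructed-backend-key",
    "BACKEND_SERVICE_EDX_OAUTH2_SECRET": "constructed-backend-secret",
}
# A logout URL missing its '//' and a backend key copied from the SSO app.
BAD = dict(GOOD, SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL="https:lms.example.com/logout",
           BACKEND_SERVICE_EDX_OAUTH2_KEY=GOOD["SOCIAL_AUTH_EDX_OAUTH2_KEY"])

if __name__ == "__main__":
    for line in check_oauth_settings(BAD):
        print(line)
```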
Explanation of all the oauth admin pages
Section Name | URL | Description | Actively used |
---|---|---|---|
Django OAuth Toolkit | /oauth2_provider/ | Currently used oauth2 provider | yes |
Oauth_Dispatch | /oauth_dispatch/applicationaccess/ | This is where we give applications access to certain scopes | yes |