Step 1 – Get your credentials

You need to register your app with the OP: https://iddev.fedorainfracloud.org/

I used https://github.com/puiterwijk/oidc-register for that.

pip install oidc-register

To register you need the provider, application, and redirect (callback) URLs:

oidc-register https://iddev.fedorainfracloud.org/ https://127.0.0.1:8443 https://127.0.0.1:8443/oidc/callback/

Note: You can’t use http unless it’s with localhost.

After you do that you should have a client_secrets.json file in the same directory, containing the client ID and client secret.

Step 2 – Update your settings

For https://github.com/mozilla/mozilla-django-oidc it’s pretty straightforward. Update or add OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET in the settings.py file or, better yet, set them as environment variables. You don’t want to accidentally commit the client ID and secret to your GitHub repository.

export OIDC_RP_CLIENT_ID='xxx'
export OIDC_RP_CLIENT_SECRET='xxx'

Don’t forget to include the Authorization, Token and User Info endpoints in your settings file.

You might also need to change the signing algorithm to RS256, which requires the public key of the OP or its JWK endpoint: https://id.fedoraproject.org/openidc/Jwks
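
One way to wire Step 2 together, as an added example that is not code from mozilla-django-oidc or oidc-register: the helper below (the name oidc_settings is hypothetical) takes the endpoints from client_secrets.json, lets environment variables override the client ID and secret, and refuses to start with missing or non-https values. It assumes the file uses a "web" object with client_id, client_secret, auth_uri, token_uri and userinfo_uri keys; the https check is an extra hardening step, not something the library requires.

```python
import json
import os


def oidc_settings(env, secrets_path="client_secrets.json"):
    """Build mozilla-django-oidc settings; environment values win over the file."""
    web = {}
    if os.path.exists(secrets_path):
        # Assumed layout: {"web": {"client_id": ..., "auth_uri": ..., ...}}
        with open(secrets_path) as fh:
            web = json.load(fh).get("web", {})

    cfg = {
        # Prefer the environment so the secret never has to live in the repo.
        "OIDC_RP_CLIENT_ID": env.get("OIDC_RP_CLIENT_ID") or web.get("client_id"),
        "OIDC_RP_CLIENT_SECRET": env.get("OIDC_RP_CLIENT_SECRET")
        or web.get("client_secret"),
        "OIDC_OP_AUTHORIZATION_ENDPOINT": web.get("auth_uri"),
        "OIDC_OP_TOKEN_ENDPOINT": web.get("token_uri"),
        "OIDC_OP_USER_ENDPOINT": web.get("userinfo_uri"),
        "OIDC_RP_SIGN_ALGO": env.get("OIDC_RP_SIGN_ALGO", "RS256"),
    }
    # RS256 tokens are verified with the OP's public key, fetched from its JWKS URL.
    if cfg["OIDC_RP_SIGN_ALGO"] == "RS256":
        cfg["OIDC_OP_JWKS_ENDPOINT"] = env.get("OIDC_OP_JWKS_ENDPOINT")

    # Fail closed: a half-configured RP should not start at all.
    missing = sorted(key for key, value in cfg.items() if not value)
    if missing:
        raise RuntimeError("missing OIDC settings: " + ", ".join(missing))

    # Added hardening: tokens and user info must not travel over plain http.
    for key, url in cfg.items():
        if key.endswith("_ENDPOINT") and not url.startswith("https://"):
            raise RuntimeError(f"{key} must use https: {url}")
    return cfg
```

In settings.py this can be applied with globals().update(oidc_settings(os.environ)); keep client_secrets.json out of version control.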

References

https://docs.pagure.org/infra-docs/dev-guide/auth.html

https://fedoraproject.org/wiki/Infrastructure/Authentication