Step 1 – Get your credentials
You need to register your app with the OP https://iddev.fedorainfracloud.org/
I used https://github.com/puiterwijk/oidc-register for that.
pip install oidc-register
To register you need the provider, application, and redirect(callback) URLs
oidc-register https://iddev.fedorainfracloud.org/ https://127.0.0.1:8443 https://127.0.0.1:8443/oidc/callback/
Note: You can’t use http unless it’s with a localhost.
After you do that you should have a client_secrets.json file in the same directory with the client secret and ID
Step 2 – Update your settings
For https://github.com/mozilla/mozilla-django-oidc it’s pretty straightforward. Update or add the OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET in the settings.py file or better yet add it as an environment variable. You don’t want to accidentally commit the client ID and secret to your github repository.
export OIDC_RP_CLIENT_ID='xxx' export OIDC_RP_CLIENT_SECRET='xxx'
Don’t forget to include the Authorizaation, Token and User Info endpoints in your settings file
- Authorization Endpoint: https://id.fedoraproject.org/openidc/Authorization
- Token Endpoint: https://id.fedoraproject.org/openidc/Token
- UserInfo Endpoint: https://id.fedoraproject.org/openidc/UserInfo
You might also need to change the signing algorithm to RS256 which requires the public key of the OP or its JWK endpoint https://id.fedoraproject.org/openidc/Jwks