FranceConnect authentication plugin for Authentic2
This repository has been archived on 2023-02-21. You can view files and clone it, but cannot push or open issues or pull requests.
Benjamin Dauvergne 806b4cdbab lock first name and last name (fixes #27044) 2018-11-29 21:14:05 +01:00
debian debian: required python-requests>2.11 (fixes #23518) 2018-06-13 10:09:16 +02:00
src/authentic2_auth_fc lock first name and last name (fixes #27044) 2018-11-29 21:14:05 +01:00
tests lock first name and last name (fixes #27044) 2018-11-29 21:14:05 +01:00
.gitignore Refactorize application to make it an authentic2 plugin (2/2) 2014-11-06 21:35:04 +01:00
COPYING Rename MSP plugin as FC plugin 2015-05-27 18:07:23 +02:00
Jenkinsfile launch tests with Django 1.11 (fixes #27095) 2018-10-08 16:54:29 +02:00
MANIFEST.in add js files to sdist 2018-09-27 11:29:43 +02:00
README documentation update (#20860) 2018-02-02 12:24:44 +01:00
getlasso.sh validate id_token 2017-06-15 18:46:27 +02:00
jenkins.sh configure build in Jenkins2 2018-10-08 12:41:51 +02:00
pylint.sh configure build in Jenkins2 2018-10-08 12:41:51 +02:00
setup.py add js files to sdist 2018-09-27 11:29:43 +02:00
tox.ini launch tests with Django 1.11 (fixes #27095) 2018-10-08 16:54:29 +02:00

README

==================
authentic2-auth-fc
==================

Authentic2 plugin to authenticate against *France Connect*, the French
citizen and enterprise SSO.

Installation
============

Install with `pip install authentic2-auth-fc`

Settings
========

Add `A2_FC_ENABLE = True` to your `local_settings.py` file, then define the
needed parameters::

   A2_FC_CLIENT_ID = 'id assigned by DISIC'
   A2_FC_CLIENT_SECRET = 'secret assigned by DISIC'
   A2_FC_VERIFY_CERTIFICATE = False  # testing only; set to True for production so certificates are verified

`A2_FC_CREATE = True` puts the plugin in provisioning mode. If a sub is
unknown, a user is created instead of asking for authentication.

When create mode is enabled, the link for unlinking the account is hidden on
the profile frontend. This is because asking for the user's credentials when
unlinking is not yet implemented, which is needed for a user created without
any credential other than the authentication delegation. Unlinking means
losing access to this account at the end of the current session. To enable
unlinking when create mode is enabled, use
`A2_FC_ENABLE_UNLINK_WHEN_CREATE = True`.

`A2_FC_LOGOUT_WHEN_UNLINK = True` is used to trigger a logout toward the OP
after unlinking.

Platforms
=========

When testing against a platform other than FranceConnect, you must change
the default endpoint URLs in your `local_settings.py` file::

   A2_FC_AUTHORIZE_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize'
   A2_FC_TOKEN_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token'
   A2_FC_USERINFO_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo'
   A2_FC_LOGOUT_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout'
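
A pre-deployment check for the settings described above, as an added example that is not part of the plugin: `audit_fc_settings` and its finding messages are hypothetical names, and only explicitly set values are inspected because the plugin's defaults are not stated in this README.

```python
from urllib.parse import urlparse

# Host of the integration platform shown in this README's endpoint examples.
INTEGRATION_HOST = 'fcp.integ01.dev-franceconnect.fr'
URL_SETTINGS = ('A2_FC_AUTHORIZE_URL', 'A2_FC_TOKEN_URL',
                'A2_FC_USERINFO_URL', 'A2_FC_LOGOUT_URL')


def audit_fc_settings(settings):
    """Return a list of findings for a dict of A2_FC_* settings."""
    findings = []
    # Absent keys are left to the plugin's defaults, which are not known here.
    if settings.get('A2_FC_VERIFY_CERTIFICATE', True) is not True:
        findings.append('A2_FC_VERIFY_CERTIFICATE is not True')
    for name in ('A2_FC_CLIENT_ID', 'A2_FC_CLIENT_SECRET'):
        value = settings.get(name, '')
        if not value or 'assigned by DISIC' in value:
            findings.append('%s is unset or still the README placeholder' % name)
    for name in URL_SETTINGS:
        if name not in settings:
            continue  # the plugin's default endpoint is used
        url = urlparse(settings[name])
        if url.scheme != 'https':
            findings.append('%s does not use https' % name)
        if url.hostname == INTEGRATION_HOST:
            findings.append('%s points at the integration platform' % name)
    if (settings.get('A2_FC_CREATE')
            and settings.get('A2_FC_ENABLE_UNLINK_WHEN_CREATE')):
        findings.append('unlink enabled in create mode: provisioned users '
                        'can lose access to their account')
    return findings


# Constructed sample: the README's testing values copied unchanged.
README_SAMPLE = {
    'A2_FC_ENABLE': True,
    'A2_FC_CLIENT_ID': 'id assigned by DISIC',
    'A2_FC_CLIENT_SECRET': 'secret assigned by DISIC',
    'A2_FC_VERIFY_CERTIFICATE': False,
    'A2_FC_TOKEN_URL': 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token',
    'A2_FC_CREATE': True,
    'A2_FC_ENABLE_UNLINK_WHEN_CREATE': True,
}
```

Calling `audit_fc_settings(README_SAMPLE)` reports the disabled certificate verification, both placeholder credentials, the integration endpoint and the unlink setting.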

Data Providers
==============

You can define data provider endpoints with the following dictionary::

   A2_FC_FD_LIST = {
       'revenu_fiscal_de_reference': [
           {
               'name': 'OpenDataSoft',
               'url': 'https://datafranceconnect.opendatasoft.com/api/records/1.0/search',
               'query_dic': {'dataset': 'guichet-des-bretons', },
           },
       ],
   }

Data is requested through the login or link endpoint view by giving
space-delimited scopes in the `fd_scopes` GET parameter::

    fc/callback/?next=%2F&fd_scopes=revenu_fiscal_de_reference scolarite

The data received is recorded in the session in a dictionary named `fc-data`,
with scopes as keys and lists of data as values. Each data item is a pair of
FD name and data content::

   fc_data_dic = {
       scope_name: [
           [FD_name, data],
       ],
   }

Attribute mapping
=================

You can map France Connect attributes to Authentic2 attributes through the
setting `A2_FC_USER_INFO_MAPPINGS`. `A2_FC_USER_INFO_MAPPINGS` is a dictionary
whose keys are authentic2's attribute names and whose values can be France
Connect attribute names or dictionaries with the following keys:

- `value` : a static value which will be assigned to the authentic2 attribute,
  can be any Python value,
- `ref` : the name of a France Connect attribute,
- `translation` : a transformation name among:

  - `insee-communes` : translate the value using the mapping from INSEE codes
    of communes to their names,
  - `insee-countries` : translate the value using the mapping from INSEE codes
    of countries to their names,
  - `simple` : look up the value using the dictionary in `translation_simple`.

- `compute`: compute a value using a known function; the only known function
  for now is `today`, which returns `datetime.date.today()`.
- `verified`: set the verified flag on the value.

Example::

   A2_FC_USER_INFO_MAPPINGS = {
     'first_name': 'given_name',
     'last_name': 'family_name',
     'birthdate': { 'ref': 'birthdate', 'translation': 'isodate' },
     'birthplace': { 'ref': 'birthplace', 'translation': 'insee-communes' },
     'birthcountry': { 'ref': 'birthcountry', 'translation': 'insee-countries' },
     'birthplace_insee': 'birthplace',
     'birthcountry_insee': 'birthcountry',
     'title': {
        'ref': 'gender',
        'translation': 'simple',
        'translation_simple': {
           'male': 'Monsieur',
           'female': 'Madame',
        }
     },
     'gender': 'gender',
     'validated': { 'value': True },
     'validation_date': { 'compute': 'today' },
     'validation_context': { 'value': 'France Connect' },
   }
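
One way to read the mapping rules described above, as an added example that is not the plugin's own code: `resolve` and `apply_mappings` are hypothetical names, the INSEE tables and userinfo values are constructed, and only the three translations listed in this README are handled. The precedence between keys and the pass-through of unknown codes are assumptions.

```python
import datetime

# Constructed extracts of the INSEE tables, for illustration only.
INSEE_COMMUNES = {'75056': 'Paris'}
INSEE_COUNTRIES = {'99100': 'France'}
COMPUTE = {'today': datetime.date.today}


def resolve(rule, user_info):
    """Return (value, verified) for one mapping rule."""
    if isinstance(rule, str):  # shorthand: a bare France Connect attribute name
        rule = {'ref': rule}
    # Assumed precedence when several keys are present: value, compute, ref.
    if 'value' in rule:
        value = rule['value']
    elif 'compute' in rule:
        value = COMPUTE[rule['compute']]()
    else:
        value = user_info.get(rule['ref'])
    translation = rule.get('translation')
    if translation is not None and value is not None:
        tables = {'insee-communes': INSEE_COMMUNES,
                  'insee-countries': INSEE_COUNTRIES,
                  'simple': rule.get('translation_simple', {})}
        if translation not in tables:
            raise ValueError('unsupported translation: %r' % translation)
        value = tables[translation].get(value, value)  # assumption: unknown codes pass through
    return value, bool(rule.get('verified'))


def apply_mappings(mappings, user_info):
    """Resolve every rule to {attribute: (value, verified)}."""
    return {name: resolve(rule, user_info) for name, rule in mappings.items()}


# Constructed userinfo response and a mapping using each documented key.
USER_INFO = {'given_name': 'Jeanne', 'gender': 'female', 'birthplace': '75056'}
MAPPINGS = {
    'first_name': {'ref': 'given_name', 'verified': True},
    'last_name': 'family_name',
    'birthplace': {'ref': 'birthplace', 'translation': 'insee-communes'},
    'title': {'ref': 'gender', 'translation': 'simple',
              'translation_simple': {'male': 'Monsieur', 'female': 'Madame'}},
    'validated': {'value': True},
    'validation_date': {'compute': 'today'},
}
```

With these inputs `apply_mappings(MAPPINGS, USER_INFO)` marks only `first_name` as verified and leaves `last_name` empty, because the constructed userinfo carries no `family_name`.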