==================
authentic2-auth-fc
==================
Authentic2 plugin to authenticate against *France Connect*, the French
citizen and enterprise SSO.
Installation
============
Install with `pip install authentic2-auth-fc`
Settings
========
Add `A2_FC_ENABLE = True` to your `local_settings.py` file
Define the needed parameters::
A2_FC_CLIENT_ID = 'id assigned by DISIC'
A2_FC_CLIENT_SECRET = 'secret assigned by DISIC'
A2_FC_VERIFY_CERTIFICATE = False # False disables TLS certificate verification of the France Connect endpoints (testing only); set True for production
`A2_FC_CREATE = True` sets the plugin in provisioning mode. If a `sub` (the
subject identifier received from France Connect) is unknown, a user is created
instead of asking for authentication.
When the create mode is enabled, the link for unlinking is hidden on the
profile frontend. This is because the step that would ask the user for
credentials when unlinking an account created without any credential other
than the authentication delegation is not yet implemented. Unlinking such an
account means losing access to it at the end of the current session. To enable
unlinking when create is enabled, use `A2_FC_ENABLE_UNLINK_WHEN_CREATE = True`.
`A2_FC_LOGOUT_WHEN_UNLINK = True` is used to trigger a logout toward the OP
after unlinking.
Platforms
=========
When testing against a platform other than FranceConnect, you must change
the default endpoint URLs in your `local_settings.py` file::
A2_FC_AUTHORIZE_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize'
A2_FC_TOKEN_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token'
A2_FC_USERINFO_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo'
A2_FC_LOGOUT_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout'
Data Providers
==============
You can define data provider endpoints with the following dictionary:
A2_FC_FD_LIST = {
'revenu_fiscal_de_reference': [
{
'name': 'OpenDataSoft',
'url': 'https://datafranceconnect.opendatasoft.com/api/records/1.0/search',
'query_dic': {'dataset': 'guichet-des-bretons', },
},
],
}
Data is requested through the login or link endpoint view by giving space-delimited
scopes in the `fd_scopes` GET parameter:
fc/callback/?next=%2F&fd_scopes=revenu_fiscal_de_reference scolarite
The data received is recorded in the session in a dictionary named `fc-data`,
with scopes as keys and lists of data as values. Each piece of data is a tuple of
FD name and data content.
fc_data_dic = {
scope_name = [
[FD_name, data],
],
}
Attribute mapping
=================
You can map France Connect attributes to Authentic2 attributes through the
setting `A2_FC_USER_INFO_MAPPINGS`. `A2_FC_USER_INFO_MAPPINGS` is a dictionary
whose keys are Authentic2 attribute names and whose values can be France Connect
attribute names or dictionaries with the following keys:
- `value`: a static value which will be assigned to the authentic2 attribute;
  it can be any Python value,
- `ref` : the name of a France Connect attribute,
- `translation` : a transformation name among:
- `insee-communes`: translate the value using the mapping from INSEE codes of
  communes to their names,
- `insee-countries`: translate the value using the mapping from INSEE codes of
  countries to their names,
- `simple`: look up the value in the dictionary given in `translation_simple`.
- `compute`: compute a value using a known function; the only known function for now
  is `today`, which returns `datetime.date.today()`.
- `verified`: set the verified flag on the value.
Example:
A2_FC_USER_INFO_MAPPINGS = {
'first_name': 'given_name',
'last_name': 'family_name',
'birthdate': { 'ref': 'birthdate', 'translation': 'isodate' },
'birthplace': { 'ref': 'birthplace', 'translation': 'insee-communes' },
'birthcountry': { 'ref': 'birthcountry', 'translation': 'insee-countries' },
'birthplace_insee': 'birthplace',
'birthcountry_insee': 'birthcountry',
'title': {
'ref': 'gender',
'translation': 'simple',
'translation_simple': {
'male': 'Monsieur',
'female': 'Madame',
}
},
'gender': 'gender',
'validated': { 'value': True },
'validation_date': { 'compute': 'today' },
'validation_context': { 'value': 'France Connect' },
}