==================
authentic2-auth-fc
==================

Authentic2 plugin to authenticate against *France Connect*, the French citizen
and enterprise SSO.

Installation
============

Install with `pip install authentic2-auth-fc`

Settings
========

Add `A2_FC_ENABLE = True` to your `local_settings.py` file.

Define the needed parameters::

    A2_FC_CLIENT_ID = 'id assigned by DISIC'
    A2_FC_CLIENT_SECRET = 'secret assigned by DISIC'
    A2_FC_VERIFY_CERTIFICATE = False # True for production

A2_FC_CREATE = True sets the plugin in provisioning mode. If a sub is unknown, a
user is created instead of asking for authentication.

When the create mode is enabled, the link for unlinking is hidden on the profile
frontend. This is because asking for the user's credentials is not yet
implemented for the case of unlinking a user who was created without any
credential other than the authentication delegation. For such a user, unlinking
means losing access to the account at the end of the current session.

To enable unlinking when create is enabled, use
A2_FC_ENABLE_UNLINK_WHEN_CREATE = True.

A2_FC_LOGOUT_WHEN_UNLINK = True is used to trigger a logout toward the OP after
unlinking.

Platforms
=========

When testing against a platform other than FranceConnect, you must change the
default endpoint URLs in your `local_settings.py` file::

    A2_FC_AUTHORIZE_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize'
    A2_FC_TOKEN_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token'
    A2_FC_USERINFO_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo'
    A2_FC_LOGOUT_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout'

Data Providers
==============

You can define data provider endpoints with the following dictionary::

    A2_FC_FD_LIST = {
        'revenu_fiscal_de_reference': [
            {
                'name': 'OpenDataSoft',
                'url': 'https://datafranceconnect.opendatasoft.com/api/records/1.0/search',
                'query_dic': {'dataset': 'guichet-des-bretons', },
            },
        ],
    }

Data is requested through the login or link endpoint view by passing
space-delimited scopes in the `fd_scopes` GET parameter::

    fc/callback/?next=%2F&fd_scopes=revenu_fiscal_de_reference scolarite

The data received is recorded in the session in a dictionary named `fc-data`,
with scopes as keys and lists of data as values. Each data item is a pair made
of the FD name and the data content::

    fc_data_dic = {
        scope_name: [
            [FD_name, data],
        ],
    }

Attribute mapping
=================

You can map France Connect attributes to Authentic2 attributes through the
setting A2_FC_USER_INFO_MAPPINGS. A2_FC_USER_INFO_MAPPINGS is a dictionary whose
keys are authentic2's attribute names and whose values can be France Connect
attribute names or dictionaries with the following keys:

- `value` : a static value which will be assigned to the authentic2 attribute,
  can be any Python value,
- `ref` : the name of a France Connect attribute,
- `translation` : a transformation name among:

  - `insee-communes` : translate the value using the mapping from INSEE codes of
    communes to their names,
  - `insee-countries` : translate the value using the mapping from INSEE codes
    of countries to their names,
  - `simple` : look up the value using the dictionary in `translation_simple`.

- `compute`: compute a value using a known function; the only known function
  for now is `today`, which returns `datetime.date.today()`.
- `verified`: set the verified flag on the value.

Example::

    A2_FC_USER_INFO_MAPPINGS = {
        'first_name': 'given_name',
        'last_name': 'family_name',
        'birthdate': {
            'ref': 'birthdate',
            'translation': 'isodate'
        },
        'birthplace': {
            'ref': 'birthplace',
            'translation': 'insee-communes'
        },
        'birthcountry': {
            'ref': 'birthcountry',
            'translation': 'insee-countries'
        },
        'birthplace_insee': 'birthplace',
        'birthcountry_insee': 'birthcountry',
        'title': {
            'ref': 'gender',
            'translation': 'simple',
            'translation_simple': {
                'male': 'Monsieur',
                'female': 'Madame',
            }
        },
        'gender': 'gender',
        'validated': {
            'value': True
        },
        'validation_date': {
            'compute': 'today'
        },
        'validation_context': {
            'value': 'France Connect'
        },
    }
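
The following sketch resolves a mapping of the shape described above against one userinfo response. It is an added example, not the plugin's own code: the names `translate`, `apply_mappings`, `INSEE` and `COMPUTE`, the `(value, verified)` return shape, the pass-through of unknown codes, the skipping of absent claims and the reading of `isodate` as an ISO 8601 date are all assumptions, and the lookup tables and sample data are constructed.

```python
import datetime

# Constructed one-entry tables standing in for the real INSEE datasets.
INSEE = {'insee-communes': {'75056': 'Paris'},
         'insee-countries': {'99100': 'France'}}
COMPUTE = {'today': datetime.date.today}


def translate(name, value, spec):
    """Apply one named translation; unknown codes pass through (assumption)."""
    if name in INSEE:
        return INSEE[name].get(value, value)
    if name == 'simple':
        return spec.get('translation_simple', {}).get(value, value)
    if name == 'isodate':  # assumed to mean an ISO 8601 calendar date
        return datetime.date.fromisoformat(value)
    raise ValueError('unknown translation: %r' % name)


def apply_mappings(mappings, user_info):
    """Return {authentic2_attribute: (value, verified)} for one userinfo dict."""
    result = {}
    for attribute, spec in mappings.items():
        if isinstance(spec, str):  # shorthand: bare France Connect attribute name
            spec = {'ref': spec}
        if 'value' in spec:
            value = spec['value']
        elif 'compute' in spec:
            value = COMPUTE[spec['compute']]()
        elif spec.get('ref') in user_info:
            value = user_info[spec['ref']]
            if 'translation' in spec:
                value = translate(spec['translation'], value, spec)
        else:
            continue  # claim missing from userinfo: leave the attribute unset
        result[attribute] = (value, bool(spec.get('verified', False)))
    return result


# Constructed userinfo response; family_name is deliberately absent.
SAMPLE_USER_INFO = {'given_name': 'Camille', 'gender': 'female',
                    'birthplace': '75056', 'birthdate': '1990-04-12'}
SAMPLE_MAPPINGS = {
    'first_name': 'given_name', 'last_name': 'family_name',
    'birthdate': {'ref': 'birthdate', 'translation': 'isodate'},
    'birthplace': {'ref': 'birthplace', 'translation': 'insee-communes'},
    'title': {'ref': 'gender', 'translation': 'simple',
              'translation_simple': {'male': 'Monsieur', 'female': 'Madame'}},
    'validated': {'value': True, 'verified': True},
}
```

Calling `apply_mappings(SAMPLE_MAPPINGS, SAMPLE_USER_INFO)` leaves `last_name` out of the result because the claim is absent, and a misspelled translation name raises `ValueError` rather than silently storing the raw value.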