authentic2-auth-fc/README

==================
authentic2-auth-fc
==================

Authentic2 plugin to authenticate against *France Connect* the french
citizen and enterprise SSO.

Installation
============

Install with `pip install authentic2-auth-fc`

Settings
========

Add `A2_FC_ENABLE = True` to your `local_settings.py` file
Define the needed parameters::

   A2_FC_CLIENT_ID = 'id assigned by DISIC'
   A2_FC_CLIENT_SECRET = 'secret assigned by DISIC'
   A2_FC_VERIFY_CERTIFICATE = False # True for production

A2_FC_CREATE = True sets the plugin in provisioning mode. If a sub is unknown,
a user is created instead of asking for authentication.

When the create mode is enabled, the link for account unlinking is hidden on
the profile frontend. This is due to the not yet implemented need for asking
the user credentials when unlinking a user created without any other credential
than the authentication delegation. Unlinking meaning, loosing access to this
account at the end of the current session. To enable unlinking when create is
enabled use A2_FC_ENABLE_UNLINK_WHEN_CREATE = True.

A2_FC_LOGOUT_WHEN_UNLINK = True is used to trigger a logout toward the OP
after unlinking.

Platforms
=========

When testing against another platform than FranceConnect you must change
the default endpoints URL in your `local_settings.py` file::

   A2_FC_AUTHORIZE_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize'
   A2_FC_TOKEN_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token'
   A2_FC_USERINFO_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo'
   A2_FC_LOGOUT_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout'

Data Providers
==============

You can define data provider endpoints with the following dictionary :

A2_FC_FD_LIST = {
    'revenu_fiscal_de_reference': [
        {
            'name': 'OpenDataSoft',
            'url': 'https://datafranceconnect.opendatasoft.com/api/records/1.0/search',
            'query_dic': {'dataset': 'guichet-des-bretons', },
        },
    ],
}

Data is requested using the login or link endpoint view giving space delimited
scopes in the `fd_scopes` get parameter :

    fc/callback/?next=%2F&fd_scopes=revenu_fiscal_de_reference scolarite

The data received is recorded in the session with a dictionary named `fc-data`
with scopes as keys and lists of data as values. A data is a tuple
FD name and data content.

fc_data_dic = {
    scope_name = [
        [FD_name, data],
    ],
}

Attribute mapping
=================

You can map France Connect attributes to Authentic2 attributes through the
setting A2_FC_USER_INFO_MAPPINGS. A2_FC_USER_INFO_MAPPINGS is a dictionary
whose keys are authentic2's attribute names and values can be France Connect
attribute names or dictionary with the following keys:

- `value` : a static value which will be assigned to the authentic2 attribute,
  can be any Python value,
- `ref` : the name of a France Connect attribute,
- `translation` : a transformation name among:
  -  @insee-communes@ : translate the value using mapping from INSEE code of
     communes to their name,
  -  @insee-countries@ : translate the value using mapping from INSEE code of
     countries to their name,
  -  @simple@ : lookup the value using the dictionary in @translation_simple@.
- `compute`: compute a value using a known function, the only known function
  for now is @today@ which returns @datetime.date.today()@.
- `verified`: set the verified flag on the value.

Example:

A2_FC_USER_INFO_MAPPINGS = {
  'first_name': 'given_name',
  'last_name': 'family_name',
  'birthdate': { 'ref': 'birthdate', 'translation': 'isodate' },
  'birthplace': { 'ref': 'birthplace', 'translation': 'insee-communes' },
  'birthcountry': { 'ref': 'birthcountry', 'translation': 'insee-countries' },
  'birthplace_insee': 'birthplace',
  'birthcountry_insee': 'birthcountry',
  'title': {
     'ref': 'gender',
     'translation': 'simple',
     'translation_simple': {
        'male': 'Monsieur',
        'female': 'Madame',
     }
  },
  'gender': 'gender',
  'validated': { 'value': True },
  'validation_date': { 'compute': 'today' },
  'validation_context': { 'value': 'France Connect' },
}
Update README. 2015-05-29 11:27:58 +02:00			`==================`
Rename MSP plugin as FC plugin 2015-05-27 16:07:44 +02:00			`authentic2-auth-fc`
Update README. 2015-05-29 11:27:58 +02:00			`==================`
msp: add OAuth2 and rest proxy endpoints 2013-10-18 14:59:51 +02:00
Rename MSP plugin as FC plugin 2015-05-27 16:07:44 +02:00			`Authentic2 plugin to authenticate against France Connect the french`
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`citizen and enterprise SSO.`
add msp integration application Requirements ============ Your base template must use django-sekizai and must contain a sekizai block named "css" and another named "js" respectively for stylesheet and javascript files. Installation ============ Add the application to your installed apps:: INSTALLED_APPS += ( 'msp', ) Install the authentication backend:: AUTHENTICATION_BACKENDS += ( 'msp.backends.MspBackend', ) Define needed settings, we show here the default values:: MSP_AUTHORIZE_URL = 'https://mon.service-public.fr/apis/app/oauth/authorize' MSP_TOKEN_URL = 'https://mon.service-public.fr/apis/app/oauth/token' MSP_API_URL = 'https://mon.service-public.fr/apis/' MSP_CLIENT_ID = 'id assigned by DIMAP' MSP_CLIENT_SECRET = 'secret assigned by DIMAP' MSP_CLIENT_CERTIFICATE = ('/my-path/my-certificate.crt', '/my-path/my-certificate.key') MSP_VERIFY_CERTIFICATE = False You must plug the application views in your urls.py file by adding this content:: url(r'^msp/', include('msp.urls')), To link your account to MSP or unlink your account from MSP, add the following content to your template:: {% include 'msp/linking.html' %} It will show a linking link when unauthenticated and when no msp account is linked to the current account or an unlinking link when authenticated and a to MSP exists. To show a connection box include this content in your template:: {% include 'msp/connecting.html' %} To make the include file use a popup to talk to MSP add the popup parameter like in the following content:: {% include 'msp/connecting.html' with popup=1 %} 2013-10-11 17:33:20 +02:00
			`Installation`
			`============`

Update README. 2016-02-23 11:44:24 +01:00			Install with `pip install authentic2-auth-fc`

			`Settings`
			`========`

			Add `A2_FC_ENABLE = True` to your `local_settings.py` file
			`Define the needed parameters::`
add msp integration application Requirements ============ Your base template must use django-sekizai and must contain a sekizai block named "css" and another named "js" respectively for stylesheet and javascript files. Installation ============ Add the application to your installed apps:: INSTALLED_APPS += ( 'msp', ) Install the authentication backend:: AUTHENTICATION_BACKENDS += ( 'msp.backends.MspBackend', ) Define needed settings, we show here the default values:: MSP_AUTHORIZE_URL = 'https://mon.service-public.fr/apis/app/oauth/authorize' MSP_TOKEN_URL = 'https://mon.service-public.fr/apis/app/oauth/token' MSP_API_URL = 'https://mon.service-public.fr/apis/' MSP_CLIENT_ID = 'id assigned by DIMAP' MSP_CLIENT_SECRET = 'secret assigned by DIMAP' MSP_CLIENT_CERTIFICATE = ('/my-path/my-certificate.crt', '/my-path/my-certificate.key') MSP_VERIFY_CERTIFICATE = False You must plug the application views in your urls.py file by adding this content:: url(r'^msp/', include('msp.urls')), To link your account to MSP or unlink your account from MSP, add the following content to your template:: {% include 'msp/linking.html' %} It will show a linking link when unauthenticated and when no msp account is linked to the current account or an unlinking link when authenticated and a to MSP exists. To show a connection box include this content in your template:: {% include 'msp/connecting.html' %} To make the include file use a popup to talk to MSP add the popup parameter like in the following content:: {% include 'msp/connecting.html' with popup=1 %} 2013-10-11 17:33:20 +02:00
Update README. 2015-05-29 11:27:58 +02:00			`A2_FC_CLIENT_ID = 'id assigned by DISIC'`
			`A2_FC_CLIENT_SECRET = 'secret assigned by DISIC'`
			`A2_FC_VERIFY_CERTIFICATE = False # True for production`
add msp integration application Requirements ============ Your base template must use django-sekizai and must contain a sekizai block named "css" and another named "js" respectively for stylesheet and javascript files. Installation ============ Add the application to your installed apps:: INSTALLED_APPS += ( 'msp', ) Install the authentication backend:: AUTHENTICATION_BACKENDS += ( 'msp.backends.MspBackend', ) Define needed settings, we show here the default values:: MSP_AUTHORIZE_URL = 'https://mon.service-public.fr/apis/app/oauth/authorize' MSP_TOKEN_URL = 'https://mon.service-public.fr/apis/app/oauth/token' MSP_API_URL = 'https://mon.service-public.fr/apis/' MSP_CLIENT_ID = 'id assigned by DIMAP' MSP_CLIENT_SECRET = 'secret assigned by DIMAP' MSP_CLIENT_CERTIFICATE = ('/my-path/my-certificate.crt', '/my-path/my-certificate.key') MSP_VERIFY_CERTIFICATE = False You must plug the application views in your urls.py file by adding this content:: url(r'^msp/', include('msp.urls')), To link your account to MSP or unlink your account from MSP, add the following content to your template:: {% include 'msp/linking.html' %} It will show a linking link when unauthenticated and when no msp account is linked to the current account or an unlinking link when authenticated and a to MSP exists. To show a connection box include this content in your template:: {% include 'msp/connecting.html' %} To make the include file use a popup to talk to MSP add the popup parameter like in the following content:: {% include 'msp/connecting.html' with popup=1 %} 2013-10-11 17:33:20 +02:00
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`A2_FC_CREATE = True sets the plugin in provisioning mode. If a sub is unknown,`
			`a user is created instead of asking for authentication.`
Update README. 2016-02-23 11:44:24 +01:00
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`When the create mode is enabled, the link for account unlinking is hidden on`
			`the profile frontend. This is due to the not yet implemented need for asking`
			`the user credentials when unlinking a user created without any other credential`
			`than the authentication delegation. Unlinking meaning, loosing access to this`
Update README. 2016-02-23 11:44:24 +01:00			`account at the end of the current session. To enable unlinking when create is`
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`enabled use A2_FC_ENABLE_UNLINK_WHEN_CREATE = True.`
Update README. 2016-02-23 11:44:24 +01:00
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`A2_FC_LOGOUT_WHEN_UNLINK = True is used to trigger a logout toward the OP`
Update README. 2016-02-23 11:44:24 +01:00			`after unlinking.`

Rename MSP plugin as FC plugin 2015-05-27 16:07:44 +02:00			`Platforms`
			`=========`
bump release to 1.0.0 2014-11-21 18:29:59 +01:00
Update README. 2016-02-23 11:44:24 +01:00			`When testing against another platform than FranceConnect you must change`
bump release to 1.0.0 2014-11-21 18:29:59 +01:00			the default endpoints URL in your `local_settings.py` file::
add msp integration application Requirements ============ Your base template must use django-sekizai and must contain a sekizai block named "css" and another named "js" respectively for stylesheet and javascript files. Installation ============ Add the application to your installed apps:: INSTALLED_APPS += ( 'msp', ) Install the authentication backend:: AUTHENTICATION_BACKENDS += ( 'msp.backends.MspBackend', ) Define needed settings, we show here the default values:: MSP_AUTHORIZE_URL = 'https://mon.service-public.fr/apis/app/oauth/authorize' MSP_TOKEN_URL = 'https://mon.service-public.fr/apis/app/oauth/token' MSP_API_URL = 'https://mon.service-public.fr/apis/' MSP_CLIENT_ID = 'id assigned by DIMAP' MSP_CLIENT_SECRET = 'secret assigned by DIMAP' MSP_CLIENT_CERTIFICATE = ('/my-path/my-certificate.crt', '/my-path/my-certificate.key') MSP_VERIFY_CERTIFICATE = False You must plug the application views in your urls.py file by adding this content:: url(r'^msp/', include('msp.urls')), To link your account to MSP or unlink your account from MSP, add the following content to your template:: {% include 'msp/linking.html' %} It will show a linking link when unauthenticated and when no msp account is linked to the current account or an unlinking link when authenticated and a to MSP exists. To show a connection box include this content in your template:: {% include 'msp/connecting.html' %} To make the include file use a popup to talk to MSP add the popup parameter like in the following content:: {% include 'msp/connecting.html' with popup=1 %} 2013-10-11 17:33:20 +02:00
Update README. 2015-05-29 11:27:58 +02:00			`A2_FC_AUTHORIZE_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize'`
			`A2_FC_TOKEN_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token'`
			`A2_FC_USERINFO_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo'`
			`A2_FC_LOGOUT_URL = 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout'`
msp: add OAuth2 and rest proxy endpoints 2013-10-18 14:59:51 +02:00
Update README. 2015-05-29 11:27:58 +02:00			`Data Providers`
			`==============`
bump release to 1.0.0 2014-11-21 18:29:59 +01:00
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`You can define data provider endpoints with the following dictionary :`
msp: add OAuth2 and rest proxy endpoints 2013-10-18 14:59:51 +02:00
Update README. 2015-05-29 11:27:58 +02:00			`A2_FC_FD_LIST = {`
			`'revenu_fiscal_de_reference': [`
			`{`
Update README. 2016-02-23 11:44:24 +01:00			`'name': 'OpenDataSoft',`
Update README. 2015-05-29 11:27:58 +02:00			`'url': 'https://datafranceconnect.opendatasoft.com/api/records/1.0/search',`
			`'query_dic': {'dataset': 'guichet-des-bretons', },`
			`},`
			`],`
			`}`
Update README. 2016-02-23 11:44:24 +01:00
			`Data is requested using the login or link endpoint view giving space delimited`
			scopes in the `fd_scopes` get parameter :

			`fc/callback/?next=%2F&fd_scopes=revenu_fiscal_de_reference scolarite`

documentation update (#20860) 2017-12-21 15:42:15 +01:00			The data received is recorded in the session with a dictionary named `fc-data`
Update README. 2016-02-23 11:44:24 +01:00			`with scopes as keys and lists of data as values. A data is a tuple`
			`FD name and data content.`

			`fc_data_dic = {`
			`scope_name = [`
			`[FD_name, data],`
			`],`
			`}`
improve mapping of FC attributes to A2 attributes (#10062) 2017-03-07 11:29:57 +01:00
			`Attribute mapping`
			`=================`

			`You can map France Connect attributes to Authentic2 attributes through the`
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`setting A2_FC_USER_INFO_MAPPINGS. A2_FC_USER_INFO_MAPPINGS is a dictionary`
			`whose keys are authentic2's attribute names and values can be France Connect`
			`attribute names or dictionary with the following keys:`
improve mapping of FC attributes to A2 attributes (#10062) 2017-03-07 11:29:57 +01:00
			- `value` : a static value which will be assigned to the authentic2 attribute,
			`can be any Python value,`
			- `ref` : the name of a France Connect attribute,
			- `translation` : a transformation name among:
			`- @insee-communes@ : translate the value using mapping from INSEE code of`
			`communes to their name,`
			`- @insee-countries@ : translate the value using mapping from INSEE code of`
			`countries to their name,`
documentation update (#20860) 2017-12-21 15:42:15 +01:00			`- @simple@ : lookup the value using the dictionary in @translation_simple@.`
			- `compute`: compute a value using a known function, the only known function
			`for now is @today@ which returns @datetime.date.today()@.`
improve mapping of FC attributes to A2 attributes (#10062) 2017-03-07 11:29:57 +01:00			- `verified`: set the verified flag on the value.

documentation update (#20860) 2017-12-21 15:42:15 +01:00			`Example:`
improve mapping of FC attributes to A2 attributes (#10062) 2017-03-07 11:29:57 +01:00
			`A2_FC_USER_INFO_MAPPINGS = {`
			`'first_name': 'given_name',`
			`'last_name': 'family_name',`
			`'birthdate': { 'ref': 'birthdate', 'translation': 'isodate' },`
			`'birthplace': { 'ref': 'birthplace', 'translation': 'insee-communes' },`
			`'birthcountry': { 'ref': 'birthcountry', 'translation': 'insee-countries' },`
			`'birthplace_insee': 'birthplace',`
			`'birthcountry_insee': 'birthcountry',`
			`'title': {`
			`'ref': 'gender',`
			`'translation': 'simple',`
			`'translation_simple': {`
			`'male': 'Monsieur',`
			`'female': 'Madame',`
			`}`
			`},`
			`'gender': 'gender',`
			`'validated': { 'value': True },`
			`'validation_date': { 'compute': 'today' },`
			`'validation_context': { 'value': 'France Connect' },`
			`}`