Support for AWS Cognito #166

Merged
merged 4 commits into from
May 18, 2021
11 changes: 6 additions & 5 deletions .env.example
Expand Up @@ -40,11 +40,12 @@ DEFAULT_TENANT_NAME=Plio
DEFAULT_TENANT_SHORTCODE=plio
DEFAULT_TENANT_DOMAIN=0.0.0.0

# Auth0 settings
AUTH0_TOKEN_URL=
AUTH0_CLIENT_ID=
AUTH0_CLIENT_SECRET=
AUTH0_AUDIENCE=
# Analytics Identity Provider (IDP) configurations
ANALYTICS_IDP_TYPE= # possible values are `cognito` or `auth0`
ANALYTICS_IDP_TOKEN_URL=
ANALYTICS_IDP_CLIENT_ID=
ANALYTICS_IDP_CLIENT_SECRET=
ANALYTICS_IDP_AUDIENCE= # not needed when IDP is `cognito`

# email settings
EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'
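Review bot: the inline comments on the `ANALYTICS_IDP_TYPE=` and `ANALYTICS_IDP_AUDIENCE=` lines will be read as part of the value by env-file loaders that do not strip trailing `# ...` comments (Docker's `--env-file` is one), so a deployment that copies this file as-is can end up with `ANALYTICS_IDP_TYPE` set to ` # possible values are ...` rather than empty. Move both comments onto their own `#` lines above the variable, matching the `# Analytics Identity Provider (IDP) configurations` header already used here.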
39 changes: 25 additions & 14 deletions docs/ENV.md
Expand Up @@ -101,17 +101,28 @@ Shortcode for the default tenant (e.g. plio)
The domain for the default tenant (e.g. 0.0.0.0 locally, plio.in on production)


### Auth0 for Plio Analytics
While setting up Plio analytics, you need to make sure the following variables are also updated. These are responsible to fetch an access token from Auth0 Identity Provider.

#### `AUTH0_TOKEN_URL`
The url to request access token from Auth0. Generally looks like `https://<AUTH0-SUBDOMAIN>.auth0.com/oauth/token`

#### `AUTH0_CLIENT_ID`
The client id for your Auth0 app. Retrieve from Auth0 Application settings page

#### `AUTH0_CLIENT_SECRET`
The client secret for your Auth0 app. Retrieve from Auth0 Application settings page

#### `AUTH0_AUDIENCE`
Unique Identifier for your Auth0 API. Retrieve from Auth0 API settings.
### Identity Provider for Plio Analytics
While setting up Plio analytics, you need to make sure the following variables are also updated. These are responsible to fetch an access token from the configured Identity Provider.

#### `ANALYTICS_IDP_TYPE`
Plio Analytics supports two identity providers. The possible values for this variable are `cognito` (AWS Cognito) and `auth0` (Auth0).

#### `ANALYTICS_IDP_TOKEN_URL`
The url to request access token from the Identity Provider. Generally looks like:
1. When type is `cognito`: `https://<APP-DOMAIN-PREFIX>.auth.<aws-region>.amazoncognito.com/oauth2/token`. This is the same as the Amazon Cognito domain you have configured.
2. When type is `auth0`: `https://<AUTH0-SUBDOMAIN>.<REGION>.auth0.com/oauth/token`

#### `ANALYTICS_IDP_CLIENT_ID`
The client id for your identity provider app.
1. When type is `cognito`: Retrieve this from your User pool's "App clients" page.
2. When type is `auth0`: Retrieve from Auth0 Application settings page.

#### `ANALYTICS_IDP_CLIENT_SECRET`
The client secret for your identity provider app.
1. When type is `cognito`: Retrieve this from your User pool's "App clients" page.
2. When type is `auth0`: Retrieve from Auth0 Application settings page.

#### `ANALYTICS_IDP_AUDIENCE`
Unique Identifier for your Auth0 API.
1. When type is `cognito`: Not needed.
2. When type is `auth0`: Retrieve from Auth0 API settings.
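Review bot: the `ANALYTICS_IDP_AUDIENCE` description still reads "Unique Identifier for your Auth0 API." even though the section is now provider-agnostic and item 1 says the value is not needed for `cognito`; reword it to something like "Only used when type is `auth0`: the Unique Identifier of your Auth0 API, retrieved from the Auth0 API settings." so the heading matches the two numbered cases. The `ANALYTICS_IDP_CLIENT_SECRET` entry should also say that this value is a secret and belongs in the deployment's environment, not in a committed `.env`, since the new client-credentials flow grants a token to whoever holds it.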
11 changes: 7 additions & 4 deletions plio/settings.py
Expand Up @@ -292,10 +292,13 @@
}

# authentication
AUTH0_TOKEN_URL = os.environ.get("AUTH0_TOKEN_URL")
AUTH0_CLIENT_ID = os.environ.get("AUTH0_CLIENT_ID")
AUTH0_CLIENT_SECRET = os.environ.get("AUTH0_CLIENT_SECRET")
AUTH0_AUDIENCE = os.environ.get("AUTH0_AUDIENCE")
ANALYTICS_IDP = {
"type": os.environ.get("ANALYTICS_IDP_TYPE"),
"token_url": os.environ.get("ANALYTICS_IDP_TOKEN_URL"),
"client_id": os.environ.get("ANALYTICS_IDP_CLIENT_ID"),
"client_secret": os.environ.get("ANALYTICS_IDP_CLIENT_SECRET"),
"audience": os.environ.get("ANALYTICS_IDP_AUDIENCE", ""),
}

# email
EMAIL_BACKEND = os.environ.get("EMAIL_BACKEND")
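Review bot: `"type": os.environ.get("ANALYTICS_IDP_TYPE")` is stored without validation, so an unset or misspelled value (`Cognito`, `auth-0`) silently falls through to the non-Auth0 branch in `users/views.py` and the token request is sent without an audience to whatever `token_url` is configured. Validate at load time so a misconfiguration fails on startup rather than at the first token request, e.g. `if ANALYTICS_IDP["type"] not in ("cognito", "auth0"): raise ImproperlyConfigured("ANALYTICS_IDP_TYPE must be 'cognito' or 'auth0'")` (import `ImproperlyConfigured` from `django.core.exceptions`).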
18 changes: 9 additions & 9 deletions users/views.py
Expand Up @@ -20,11 +20,8 @@
API_APPLICATION_NAME,
OAUTH2_PROVIDER,
OTP_EXPIRE_SECONDS,
AUTH0_TOKEN_URL,
AUTH0_CLIENT_ID,
AUTH0_CLIENT_SECRET,
AUTH0_AUDIENCE,
DEFAULT_FROM_EMAIL,
ANALYTICS_IDP,
)

from users.models import User, OneTimePassword, OrganizationUser
Expand Down Expand Up @@ -230,12 +227,15 @@ def update_organization_user(sender, instance: OrganizationUser, **kwargs):

@api_view(["POST"])
def retrieve_analytics_app_access_token(request):
"""Makes a client_credentials request to Auth0 app to get an access token."""
"""Requests the configured identity provider to retrieve an access token."""

payload = {
"grant_type": "client_credentials",
"client_id": AUTH0_CLIENT_ID,
"client_secret": AUTH0_CLIENT_SECRET,
"audience": AUTH0_AUDIENCE,
"client_id": ANALYTICS_IDP["client_id"],
"client_secret": ANALYTICS_IDP["client_secret"],
}
response = requests.post(AUTH0_TOKEN_URL, data=payload)
if ANALYTICS_IDP["type"] == "auth0":
payload.audience = ANALYTICS_IDP["audience"]

response = requests.post(ANALYTICS_IDP["token_url"], data=payload)
return Response(response.json(), status=status.HTTP_200_OK)
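Review bot: `payload.audience = ANALYTICS_IDP["audience"]` is an attribute assignment on a `dict` and will raise `AttributeError` on every `auth0` request; it must be `payload["audience"] = ANALYTICS_IDP["audience"]`. Two further points on the same function: `response.json()` is returned with a hard-coded `HTTP_200_OK`, so an identity-provider error (expired secret, wrong token URL) is relayed to the caller as a successful response with the provider's error body inside it; check `response.ok` (or call `response.raise_for_status()`) and pass the provider's status through, and give `requests.post` a `timeout=` so a slow identity provider cannot tie up a worker. Finally, the `@api_view(["POST"])` decorator in this hunk carries no `permission_classes`, and the view hands back a client-credentials access token for the analytics app, so please confirm the project's default permission classes require an authenticated user here.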