zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-25 20:18:38 +02:00
Code Issues Projects Releases Packages Wiki Activity

Configure a Login.gov production OIDC provider

Browse source
This commit is contained in:
Neil Martinsen-Burrell 2023-11-01 10:57:28 -05:00
parent 0a6c7acd4d
commit b05c337efe
No known key found for this signature in database
GPG key ID: 6A3C818CC10D0184
2 changed files with 22 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/registrar/config/settings.py
View file

@ -49,6 +49,7 @@ env_debug = env.bool("DJANGO_DEBUG", default=False)
env_log_level = env.str("DJANGO_LOG_LEVEL", "DEBUG")
env_base_url = env.str("DJANGO_BASE_URL")
env_getgov_public_site_url = env.str("GETGOV_PUBLIC_SITE_URL", "")
env_oidc_active_provider = env.str("OIDC_ACTIVE_PROVIDER", "identity sandbox")
secret_login_key = b64decode(secret("DJANGO_SECRET_LOGIN_KEY", ""))
secret_key = secret("DJANGO_SECRET_KEY")
@ -482,11 +483,12 @@ OIDC_ALLOW_DYNAMIC_OP = False
# which provider to use if multiple are available
# (code does not currently support user selection)
OIDC_ACTIVE_PROVIDER = "login.gov"
# See above for the default value if the env variable is missing
OIDC_ACTIVE_PROVIDER = env_oidc_active_provider
OIDC_PROVIDERS = {
"login.gov": {
"identity sandbox": {
"srv_discovery_url": "https://idp.int.identitysandbox.gov",
"behaviour": {
# the 'code' workflow requires direct connectivity from us to Login.gov
@ -502,6 +504,22 @@ OIDC_PROVIDERS = {
"token_endpoint_auth_method": ["private_key_jwt"],
"sp_private_key": secret_login_key,
},
"login.gov production": {
"srv_discovery_url": "https://secure.login.gov",
"behaviour": {
# the 'code' workflow requires direct connectivity from us to Login.gov
"response_type": "code",
"scope": ["email", "profile:name", "phone"],
"user_info_request": ["email", "first_name", "last_name", "phone"],
"acr_value": "http://idmanagement.gov/ns/assurance/ial/2",
},
"client_registration": {
"client_id": "urn:gov:cisa:openidconnect.profiles:sp:sso:cisa:dotgov_registrar",
"redirect_uris": [f"{env_base_url}/openid/callback/login/"],
"post_logout_redirect_uris": [f"{env_base_url}/openid/callback/logout/"],
"token_endpoint_auth_method": ["private_key_jwt"],
"sp_private_key": secret_login_key,
},
}
}