Add django-authlib to enable SSO using GitHub into Django admin #4342

Open
sarayourfriend opened this issue May 15, 2024 · 0 comments
Labels
💻 aspect: code (Concerns the software code in the repository)
🧰 goal: internal improvement (Improvement that benefits maintainers, not users)
🟩 priority: low (Low priority and doesn't need to be rushed)
🧱 stack: api (Related to the Django API)

Comments

@sarayourfriend
Collaborator

Problem

As part of #383, we use a GitHub group in Cloudflare Access to allow some folks through to the Django admin site. However, we then also need to create separate Django accounts for them, including temporary passwords, and such.

It would be nice if we had some kind of SSO (in addition to another option that doesn't rely on a third party) for logging into Django Admin, and GitHub is a good option because we already manage user ACL through GitHub teams anyway.

Description

Add https://github.com/matthiask/django-authlib to the Django API, and incorporate it into Django Admin. Only allow members of the teams @WordPress/openverse-maintainers and @WordPress/openverse-content-moderators to sign in with GitHub SSO. Assign an appropriate Django role for each team. For members of openverse-maintainers, assign them as admins. For openverse-content-moderators, assign them the content moderator role.

Alternatives

Manage Django admin users by hand.

Host our own OIDC provider and don't use GitHub's authentication at all, not even for Cloudflare Access.

Additional context

This is just a "nice to have", nothing more.

@sarayourfriend sarayourfriend added 🟩 priority: low Low priority and doesn't need to be rushed 💻 aspect: code Concerns the software code in the repository 🧰 goal: internal improvement Improvement that benefits maintainers, not users 🧱 stack: api Related to the Django API labels May 15, 2024
@openverse-bot openverse-bot moved this to 📋 Backlog in Openverse Backlog May 15, 2024
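
One way to express the team-to-role rule from the description, as an added example that is not from the issue, django-authlib, or the Openverse code base. It assumes the login flow has already fetched a membership record per team for the authenticated GitHub user (shaped like GitHub's team-membership API response, `None` for a non-member); the helper names, the `Content Moderators` group name, and the mapping of "admins" to `is_superuser` are hypothetical.

```python
from dataclasses import dataclass

# Team slug -> role, highest privilege first; order decides precedence.
TEAM_ROLES = (
    ("openverse-maintainers", "admin"),
    ("openverse-content-moderators", "content-moderator"),
)


@dataclass(frozen=True)
class Access:
    allowed: bool
    is_staff: bool = False
    is_superuser: bool = False
    groups: tuple = ()


# Default decision: no admin access at all.
DENY = Access(allowed=False)


def resolve_access(memberships):
    """Map {team_slug: membership record or None} to an access decision.

    Only a record with state == "active" counts. A pending invitation,
    a missing team, or a malformed record is treated as non-membership,
    so the function fails closed.
    """
    for slug, role in TEAM_ROLES:
        record = memberships.get(slug)
        if not isinstance(record, dict) or record.get("state") != "active":
            continue
        if role == "admin":
            # Assumption: "admins" means Django superuser.
            return Access(True, is_staff=True, is_superuser=True)
        # Assumption: a Django group with this name carries moderator perms.
        return Access(True, is_staff=True, groups=("Content Moderators",))
    return DENY


def apply_access(user, access):
    """Overwrite the admin flags on every login, so removal from a
    GitHub team revokes Django admin access at the next sign-in."""
    user.is_staff = access.is_staff
    user.is_superuser = access.is_superuser
    return user
```

Group assignment is returned as names rather than applied, since that step needs the Django ORM.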
Projects
Status: 📋 Backlog
Development

No branches or pull requests

1 participant