From 754dafcab15e790cdd42e6c449cdd503d99036e4 Mon Sep 17 00:00:00 2001
From: Klaas Kliffen <kliffen@astron.nl>
Date: Wed, 27 Sep 2023 16:17:25 +0200
Subject: [PATCH] Update settings for openid

---
 atdb/atdb/settings/base.py | 37 +++++++++++++++++++++++--------------
 atdb/requirements/base.txt |  4 ++--
 2 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/atdb/atdb/settings/base.py b/atdb/atdb/settings/base.py
index 376c991a..7fcfe6e7 100644
--- a/atdb/atdb/settings/base.py
+++ b/atdb/atdb/settings/base.py
@@ -45,8 +45,7 @@ INSTALLED_APPS = [
     'allauth',
     'allauth.account',
     'allauth.socialaccount',
-    'allauth.socialaccount.providers.keycloak',
-
+    'allauth.socialaccount.providers.openid_connect',
 ]
 
 MIDDLEWARE = [
@@ -59,6 +58,7 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'allauth.account.middleware.AccountMiddleware',
     #'silk.middleware.SilkyMiddleware',
 ]
 
@@ -228,17 +228,27 @@ AUTHENTICATION_BACKENDS = [
     "allauth.account.auth_backends.AuthenticationBackend",
 ]
 
-try:
-    KEYCLOAK_URL = os.environ['KEYCLOAK_URL']
-except:
-    KEYCLOAK_URL = 'https://keycloak.astron.nl/auth'
-
+# Set your keycloak url and realm
 SOCIALACCOUNT_PROVIDERS = {
-    'keycloak': {
-        'KEYCLOAK_URL': KEYCLOAK_URL,
-        'KEYCLOAK_REALM': 'SDC',
-        'SCOPE': ['openid', 'profile', 'email']
-    }
+    "openid_connect": {
+        "SERVERS": [
+            {
+                "id": "keycloak",
+                "name": "Keycloak",
+                "server_url": os.getenv(
+                    "KEYCLOAK_URL", "https://keycloak.astron.nl/auth"
+                )
+                + "/realms/"
+                + os.getenv("KEYCLOAK_REALM", "SDC")
+                + "/.well-known/openid-configuration",
+                "APP": {
+                    "client_id": os.getenv("KEYCLOAK_CLIENT_ID"),
+                    "secret": os.getenv("KEYCLOAK_CLIENT_SECRET"),
+                },
+                "SCOPE": ["openid", "profile", "email"],
+            }
+        ]
+    },
 }
 
 try:
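Review bot: `os.getenv("KEYCLOAK_CLIENT_ID")` and `os.getenv("KEYCLOAK_CLIENT_SECRET")` in the `APP` dict return `None` when the variables are unset, so a deployment that lacks them will presumably start normally and only fail once a user tries to log in. Reading them with `os.environ["KEYCLOAK_CLIENT_SECRET"]`, or raising `ImproperlyConfigured` when either is empty, would surface the misconfiguration at startup. The `server_url` is also concatenated from `KEYCLOAK_URL` without any check: a trailing slash in the variable yields `//realms/`, and a value that is not `https://` would likely have the discovery document and token exchange fetched in plaintext. Adding `.rstrip("/")` and a scheme check before building the URL covers both. The comment `# Set your keycloak url and realm` could also name the four environment variables read here (`KEYCLOAK_URL`, `KEYCLOAK_REALM`, `KEYCLOAK_CLIENT_ID`, `KEYCLOAK_CLIENT_SECRET`).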
@@ -247,11 +257,10 @@ except:
     LOGIN_REDIRECT_URL = '/atdb/'
 
 logger.info("LOGIN_REDIRECT_URL:" + LOGIN_REDIRECT_URL)
-logger.info("KEYCLOAK_URL:" + KEYCLOAK_URL)
 
 
 SESSION_COOKIE_NAME = 'atdb_session_id'
 CSRF_COOKIE_NAME = 'atdb_csrftoken'
 
 #SILKY_PYTHON_PROFILER = False
-#SILKY_PYTHON_PROFILER_BINARY = False
\ No newline at end of file
+#SILKY_PYTHON_PROFILER_BINARY = False
diff --git a/atdb/requirements/base.txt b/atdb/requirements/base.txt
index 694d6390..bf22f774 100644
--- a/atdb/requirements/base.txt
+++ b/atdb/requirements/base.txt
@@ -1,6 +1,6 @@
 astronauth==0.3.3
 Django==3.2
-django-allauth==0.52.0
+django-allauth==0.57.0  # note allauth only supports Django >= 3.2
 django-bootstrap-pagination==1.7.0
 django-bootstrap3==14.2.0
 django-cors-headers==3.6.0
@@ -15,4 +15,4 @@ psycopg2-binary==2.9.3
 python3-openid==3.2.0
 requests-oauthlib==1.3.1
 six==1.15.0
-whitenoise==5.0.1
\ No newline at end of file
+whitenoise==5.0.1
-- 
GitLab