Fix authentication in dev mode

It is now possible to login in development mode via the /login url.

tutordiscovery/plugin.py

@@ -21,6 +21,7 @@ config = {
         "MYSQL_DATABASE": "discovery",
         "MYSQL_USERNAME": "discovery",
         "OAUTH2_KEY": "discovery",
+        "OAUTH2_KEY_DEV": "discovery-dev",
     },
 }
 

tutordiscovery/templates/discovery/apps/settings/partials/common.py

@@ -60,16 +60,9 @@ JWT_AUTH["JWT_AUDIENCE"] = "{{ JWT_COMMON_AUDIENCE }}"
 JWT_AUTH["JWT_SECRET_KEY"] = "{{ JWT_COMMON_SECRET_KEY }}"
 SOCIAL_AUTH_EDX_OIDC_SECRET = "{{ DISCOVERY_OAUTH2_SECRET }}"
 SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY = SOCIAL_AUTH_EDX_OIDC_SECRET
-SOCIAL_AUTH_EDX_OIDC_ISSUER = "http://localhost:8000/oauth2"
+SOCIAL_AUTH_EDX_OIDC_ISSUER = "{{ JWT_COMMON_ISSUER }}"
+SOCIAL_AUTH_EDX_OIDC_URL_ROOT = "http://lms:8000/oauth2"
 SOCIAL_AUTH_REDIRECT_IS_HTTPS = {% if ACTIVATE_HTTPS %}True{% else %}False{% endif %}
-SOCIAL_AUTH_EDX_OIDC_KEY = "{{ DISCOVERY_OAUTH2_KEY }}"
-# The following urls should be accessible from the outside by a discovery web user in
-# order to use the /login endpoint
-SOCIAL_AUTH_EDX_OIDC_URL_ROOT = "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2"
-SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL = "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/logout"
-SOCIAL_AUTH_EDX_OIDC_PUBLIC_URL_ROOT = SOCIAL_AUTH_EDX_OIDC_URL_ROOT
-SOCIAL_AUTH_EDX_OAUTH2_ISSUER = SOCIAL_AUTH_EDX_OIDC_URL_ROOT
-BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL = SOCIAL_AUTH_EDX_OIDC_URL_ROOT
 
 EDX_DRF_EXTENSIONS = {
     'OAUTH2_USER_INFO_URL': '{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2/user_info',

tutordiscovery/templates/discovery/apps/settings/tutor/development.py

@@ -1,3 +1,10 @@
 from ..devstack import *
 
 {% include "discovery/apps/settings/partials/common.py" %}
+
+# The following urls should be accessible from the outside by a discovery web user in
+# order to use the /login endpoint
+SOCIAL_AUTH_EDX_OIDC_PUBLIC_URL_ROOT = "http://localhost:8000/oauth2"
+SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL = "http://localhost:8000/logout"
+BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL = SOCIAL_AUTH_EDX_OIDC_URL_ROOT
+SOCIAL_AUTH_EDX_OIDC_KEY = "{{ DISCOVERY_OAUTH2_KEY_DEV }}"

tutordiscovery/templates/discovery/apps/settings/tutor/production.py

@@ -2,5 +2,12 @@ from ..production import *
 
 {% include "discovery/apps/settings/partials/common.py" %}
 
+# The following urls should be accessible from the outside by a discovery web user in
+# order to use the /login endpoint
+SOCIAL_AUTH_EDX_OIDC_PUBLIC_URL_ROOT = "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2"
+SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL = "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/logout"
+BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL = SOCIAL_AUTH_EDX_OIDC_URL_ROOT
+SOCIAL_AUTH_EDX_OIDC_KEY = "{{ DISCOVERY_OAUTH2_KEY }}"
+
 COMPRESS_ENABLED = True
 COMPRESS_OFFLINE = True

tutordiscovery/templates/discovery/hooks/discovery/init

@@ -5,7 +5,7 @@ make migrate
 # Creating partners: the courses-api-url and oidc-url-root need to be accessible
 # from inside the discovery container in order to successfully run init.
 # TODO add --ecommerce-api-url parameters
-# Development partner
+# Development partners
 ./manage.py create_or_update_partner  \
   --site-id 1 \
   --site-domain discovery.localhost \
@@ -14,16 +14,25 @@ make migrate
   --oidc-url-root "http://lms:8000/oauth2" \
   --oidc-key "{{ DISCOVERY_OAUTH2_KEY }}" \
   --oidc-secret "{{ DISCOVERY_OAUTH2_SECRET }}"
+ 
+./manage.py create_or_update_partner  \
+  --site-id 3 \
+  --site-domain localhost \
+  --code dev8381 --name "Open edX - development (localhost:8381)" \
+  --courses-api-url "http://lms:8000/api/courses/v1/" \
+  --oidc-url-root "http://lms:8000/oauth2" \
+  --oidc-key "{{ DISCOVERY_OAUTH2_KEY_DEV }}" \
+  --oidc-secret "{{ DISCOVERY_OAUTH2_SECRET }}"
 
-  # Production partner
-  ./manage.py create_or_update_partner  \
-    --site-id 2 \
-    --site-domain {{ DISCOVERY_HOST }} \
-    --code openedx --name "Open edX" \
-    --courses-api-url "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/api/courses/v1/" \
-    --oidc-url-root "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2" \
-    --oidc-key "{{ DISCOVERY_OAUTH2_KEY }}" \
-    --oidc-secret "{{ DISCOVERY_OAUTH2_SECRET }}"
+# Production partner
+./manage.py create_or_update_partner  \
+  --site-id 2 \
+  --site-domain {{ DISCOVERY_HOST }} \
+  --code openedx --name "Open edX" \
+  --courses-api-url "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/api/courses/v1/" \
+  --oidc-url-root "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2" \
+  --oidc-key "{{ DISCOVERY_OAUTH2_KEY }}" \
+  --oidc-secret "{{ DISCOVERY_OAUTH2_SECRET }}"
 
 ./manage.py refresh_course_metadata --partner_code=dev
 ./manage.py update_index --disable-change-limit

tutordiscovery/templates/discovery/hooks/lms/init

@@ -3,6 +3,18 @@ export DJANGO_SETTINGS_MODULE=$SERVICE_VARIANT.envs.$SETTINGS
 ./manage.py lms manage_user discovery discovery@{{ LMS_HOST }} --staff --superuser
 ./manage.py lms manage_user lms_catalog_service_user lms_catalog_service_user@{{ LMS_HOST }}
 
+# Development client
+./manage.py lms create_oauth2_client \
+    "http://localhost:8381" \
+    "http://localhost:8381/complete/edx-oidc/" \
+    confidential \
+    --client_name discovery-dev \
+    --client_id {{ DISCOVERY_OAUTH2_KEY_DEV }} \
+    --client_secret {{ DISCOVERY_OAUTH2_SECRET }} \
+    --username discovery \
+    --trusted
+
+# Production client
 ./manage.py lms create_oauth2_client \
     "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ DISCOVERY_HOST }}" \
     "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ DISCOVERY_HOST }}/complete/edx-oidc/" \