%global _empty_manifest_terminate_build 0 Name: python-django-okta-auth Version: 0.8.0 Release: 1 Summary: Django Authentication for Okta OpenID License: MIT URL: https://github.com/AzMoo/django-okta-auth Source0: https://mirrors.nju.edu.cn/pypi/web/packages/2e/d5/c86708045d5e9293b24b49625fbcef73571a8fb1c67e5785da0d07bc22cd/django-okta-auth-0.8.0.tar.gz BuildArch: noarch Requires: python3-Django Requires: python3-PyJWT Requires: python3-jose[cryptography] Requires: python3-requests %description # Django Okta Auth ## Overview Django Okta Auth is a library that acts as a client for the Okta OpenID Connect provider. The library provides a set of views for login, logout and callback, an auth backend for authentication, a middleware for token verification in requests, and a decorator that can be selectively applied to individual views. It's heavily influenced by [okta-django-samples](https://github.com/zeekhoo-okta/okta-django-samples) but there's a few fundamental changes and further implementation of things like refresh tokens which weren't initially implemented. This project is in no way affiliated with Okta. ## Installation Install from PyPI: pip install django-okta-auth ## Configuration ### Install the App Add `okta_oauth2.apps.OktaOauth2Config` to `INSTALLED_APPS`: ```python INSTALLED_APPS = ( "...", 'okta_oauth2.apps.OktaOauth2Config', "..." ) ``` ### Authentication Backend You will need to install the authentication backend. This extends Django's default `ModelBackend` which uses the configured database for user storage, but overrides the `authenticate` method to accept the `auth_code` returned by Okta's `/authorize` API endpoint [as documented here](https://developer.okta.com/docs/reference/api/oidc/#authorize). The Authentication Backend should be configured as so: ```python AUTHENTICATION_BACKENDS = ("okta_oauth2.backend.OktaBackend",) ``` ### Using the middleware You can use the middleware to check for valid tokens during ever refresh and automatically refresh tokens when they expire. By using the middleware you are defaulting to requiring authentication on all your views unless they have been marked as public in `PUBLIC_NAMED_URLS` or `PUBLIC_URLS`. The order of middleware is important and the `OktaMiddleware` must be below the `SessionMiddleware` and `AuthenticationMiddleware` to ensure that the session and the user are both on the request: ```python MIDDLEWARE = ( 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'okta_oauth2.middleware.OktaMiddleware' ) ``` ### Using the decorator The alternative to using the middleware is to selectively apply the `okta_oauth2.decorators.okta_login_required` decorator to views you wish to protect. When the view is accessed the decorator will check that valid tokens exist on the session, and if they don't then it will redirect to the login. The decorator is applied to a view like so: ```python from okta_oauth2.decorators import okta_login_required @okta_login_required def decorated_view(request): return HttpResponse("i am a protected view") ``` ### Update urls.py Add the `django-okta-auth` views to your `urls.py`. This will provide the `login`, `logout` and `callback` views which are required by the login flows. ```python from django.urls import include, path urlpatterns = [ path('accounts/', include(("okta_oauth2.urls", "okta_oauth2"), namespace="okta_oauth2")), ] ``` ### Setup your Okta Application In the Okta admin console create your application with the following steps: 1. Click `Create New App` 2. Choose the `Web` platform 3. Choose the `OpenID Connect` Sign on method 4. Click the `Create` button 5. Give the application a name and choose a logo if desired 6. Add the URL to the login view as defined in the previous section, eg. `http://localhost:8000/accounts/login/` 7. Click the `Save` button 8. In the General Settings of the application click edit and check `Authorization Code` and the `Refresh Token` under `Allowed grant types`. 9. Save the settings 10. Take note of the `Client ID` and the `Client secret` in the Client Credentials for use in the next section. It is important to note that the `Client secret` is confidential and under no circumstances should be exposed publicly. ### Django Okta Settings Django Okta Auth settings should be specified in your django `settings.py` as follows: ```python OKTA_AUTH = { "ORG_URL": "https://your-org.okta.com/", "ISSUER": "https://your-org.okta.com/oauth2/default", "CLIENT_ID": "yourclientid", "CLIENT_SECRET": "yourclientsecret", "SCOPES": "openid profile email offline_access", # this is the default and can be omitted "REDIRECT_URI": "http://localhost:8000/accounts/oauth2/callback", "LOGIN_REDIRECT_URL": "/", # default "CACHE_PREFIX": "okta", # default "CACHE_ALIAS": "default", # default "PUBLIC_NAMED_URLS": (), # default "PUBLIC_URLS": (), # default "USE_USERNAME": False, # default } ``` ### Login Template The login view will render the `okta_oauth2/login.html` template. It will be passed the following information in the `config` template context variable: ```python { "clientId": settings.OKTA_AUTH["CLIENT_ID"], "url": settings.OKTA_AUTH["ORG_URL"], "redirectUri": settings.OKTA_AUTH["REDIRECT_URI"], "scope": settings.OKTA_AUTH["SCOPES"], "issuer": settings.OKTA_AUTH["ISSUER"] } ``` The easiest way to use this is to implement the [Okta Sign-In Widget](https://developer.okta.com/code/javascript/okta_sign-in_widget/) in your template. A minimal template for the login could be: ```html
``` ## Settings Reference **_ORG_URL_**: _str_. URL Okta provides for your organization account. This is the URL that you log in to for the admin panel, minus the `-admin`. eg, if your admin URL is https://myorg-admin.okta.com/ then your `ORG_URL` should be: https://myorg.okta.com/ **_ISSUER_** _str_. This is the URL for your Authorization Server. If you're using the default authorization server then this will be: `https://{ORG_URL}/oauth2/default` **_CLIENT_ID_** _str_. The Client ID provided by your Okta Application. **_CLIENT_SECRET_** _str_. The Client Secret provided by your Okta Application. **_SCOPES_** _str_. The scopes requested from the OpenID Authorization server. At the very least this needs to be `"openid profile email"` but if you want to use refresh tokens you will need `"openid profile email offline_access"`. This is the default. If you want Okta to manage your groups then you should also include `groups` in your scopes. **_REDIRECT_URI_** _str_. This is the URL to the `callback` view that the okta Sign-In Widget will redirect the browser to after the username and password have been authorized. If the directions in the `urls.py` section of the documentation were followed and your django server is running on `localhost:8000` then this will be: http://localhost:8000/accounts/callback/ **_LOGIN_REDIRECT_URL_** _str_. This is the URL to redirect to from the `callback` after a successful login. Defaults to `/`. **_CACHE_PREFIX_** _str_. The application will utilise the django cache to store public keys requested from Okta in an effort to minimise network round-trips and speed up authorization. This setting will control the prefix for the cache keys. Defaults to `okta`. **_CACHE_ALIAS_** _str_. Specify which django cache should be utilised for storing public keys. Defaults to `default`. **_PUBLIC_NAMED_URLS_** _List[str]_. A list or tuple of URL names that should be accessible without tokens. If you add a URL in this setting the middleware won't check for tokens. Default is: `[]` **_PUBLIC_URLS_** _List[str]_. A list or tuple of URL regular expressions that should be accessible without tokens. If you add a regex in this setting the middleware won't check matching paths for tokens. Default is `[]`. **_SUPERUSER_GROUP_** _str_. Members of this group will have the django `is_superuser` user flags set. **_STAFF_GROUP_** _str_. Members of this group will have the django `is_staff` user flags set. **_MANAGE_GROUPS_** _bool_. If true the authentication backend will manage django groups for you. ***USE_USERNAME*** *bool*. If true the authentication backend will lookup django users by username rather than email. ## License MIT License Copyright (c) 2020 Matt Magin Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. %package -n python3-django-okta-auth Summary: Django Authentication for Okta OpenID Provides: python-django-okta-auth BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-django-okta-auth # Django Okta Auth ## Overview Django Okta Auth is a library that acts as a client for the Okta OpenID Connect provider. The library provides a set of views for login, logout and callback, an auth backend for authentication, a middleware for token verification in requests, and a decorator that can be selectively applied to individual views. It's heavily influenced by [okta-django-samples](https://github.com/zeekhoo-okta/okta-django-samples) but there's a few fundamental changes and further implementation of things like refresh tokens which weren't initially implemented. This project is in no way affiliated with Okta. ## Installation Install from PyPI: pip install django-okta-auth ## Configuration ### Install the App Add `okta_oauth2.apps.OktaOauth2Config` to `INSTALLED_APPS`: ```python INSTALLED_APPS = ( "...", 'okta_oauth2.apps.OktaOauth2Config', "..." ) ``` ### Authentication Backend You will need to install the authentication backend. This extends Django's default `ModelBackend` which uses the configured database for user storage, but overrides the `authenticate` method to accept the `auth_code` returned by Okta's `/authorize` API endpoint [as documented here](https://developer.okta.com/docs/reference/api/oidc/#authorize). The Authentication Backend should be configured as so: ```python AUTHENTICATION_BACKENDS = ("okta_oauth2.backend.OktaBackend",) ``` ### Using the middleware You can use the middleware to check for valid tokens during ever refresh and automatically refresh tokens when they expire. By using the middleware you are defaulting to requiring authentication on all your views unless they have been marked as public in `PUBLIC_NAMED_URLS` or `PUBLIC_URLS`. The order of middleware is important and the `OktaMiddleware` must be below the `SessionMiddleware` and `AuthenticationMiddleware` to ensure that the session and the user are both on the request: ```python MIDDLEWARE = ( 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'okta_oauth2.middleware.OktaMiddleware' ) ``` ### Using the decorator The alternative to using the middleware is to selectively apply the `okta_oauth2.decorators.okta_login_required` decorator to views you wish to protect. When the view is accessed the decorator will check that valid tokens exist on the session, and if they don't then it will redirect to the login. The decorator is applied to a view like so: ```python from okta_oauth2.decorators import okta_login_required @okta_login_required def decorated_view(request): return HttpResponse("i am a protected view") ``` ### Update urls.py Add the `django-okta-auth` views to your `urls.py`. This will provide the `login`, `logout` and `callback` views which are required by the login flows. ```python from django.urls import include, path urlpatterns = [ path('accounts/', include(("okta_oauth2.urls", "okta_oauth2"), namespace="okta_oauth2")), ] ``` ### Setup your Okta Application In the Okta admin console create your application with the following steps: 1. Click `Create New App` 2. Choose the `Web` platform 3. Choose the `OpenID Connect` Sign on method 4. Click the `Create` button 5. Give the application a name and choose a logo if desired 6. Add the URL to the login view as defined in the previous section, eg. `http://localhost:8000/accounts/login/` 7. Click the `Save` button 8. In the General Settings of the application click edit and check `Authorization Code` and the `Refresh Token` under `Allowed grant types`. 9. Save the settings 10. Take note of the `Client ID` and the `Client secret` in the Client Credentials for use in the next section. It is important to note that the `Client secret` is confidential and under no circumstances should be exposed publicly. ### Django Okta Settings Django Okta Auth settings should be specified in your django `settings.py` as follows: ```python OKTA_AUTH = { "ORG_URL": "https://your-org.okta.com/", "ISSUER": "https://your-org.okta.com/oauth2/default", "CLIENT_ID": "yourclientid", "CLIENT_SECRET": "yourclientsecret", "SCOPES": "openid profile email offline_access", # this is the default and can be omitted "REDIRECT_URI": "http://localhost:8000/accounts/oauth2/callback", "LOGIN_REDIRECT_URL": "/", # default "CACHE_PREFIX": "okta", # default "CACHE_ALIAS": "default", # default "PUBLIC_NAMED_URLS": (), # default "PUBLIC_URLS": (), # default "USE_USERNAME": False, # default } ``` ### Login Template The login view will render the `okta_oauth2/login.html` template. It will be passed the following information in the `config` template context variable: ```python { "clientId": settings.OKTA_AUTH["CLIENT_ID"], "url": settings.OKTA_AUTH["ORG_URL"], "redirectUri": settings.OKTA_AUTH["REDIRECT_URI"], "scope": settings.OKTA_AUTH["SCOPES"], "issuer": settings.OKTA_AUTH["ISSUER"] } ``` The easiest way to use this is to implement the [Okta Sign-In Widget](https://developer.okta.com/code/javascript/okta_sign-in_widget/) in your template. A minimal template for the login could be: ```html ``` ## Settings Reference **_ORG_URL_**: _str_. URL Okta provides for your organization account. This is the URL that you log in to for the admin panel, minus the `-admin`. eg, if your admin URL is https://myorg-admin.okta.com/ then your `ORG_URL` should be: https://myorg.okta.com/ **_ISSUER_** _str_. This is the URL for your Authorization Server. If you're using the default authorization server then this will be: `https://{ORG_URL}/oauth2/default` **_CLIENT_ID_** _str_. The Client ID provided by your Okta Application. **_CLIENT_SECRET_** _str_. The Client Secret provided by your Okta Application. **_SCOPES_** _str_. The scopes requested from the OpenID Authorization server. At the very least this needs to be `"openid profile email"` but if you want to use refresh tokens you will need `"openid profile email offline_access"`. This is the default. If you want Okta to manage your groups then you should also include `groups` in your scopes. **_REDIRECT_URI_** _str_. This is the URL to the `callback` view that the okta Sign-In Widget will redirect the browser to after the username and password have been authorized. If the directions in the `urls.py` section of the documentation were followed and your django server is running on `localhost:8000` then this will be: http://localhost:8000/accounts/callback/ **_LOGIN_REDIRECT_URL_** _str_. This is the URL to redirect to from the `callback` after a successful login. Defaults to `/`. **_CACHE_PREFIX_** _str_. The application will utilise the django cache to store public keys requested from Okta in an effort to minimise network round-trips and speed up authorization. This setting will control the prefix for the cache keys. Defaults to `okta`. **_CACHE_ALIAS_** _str_. Specify which django cache should be utilised for storing public keys. Defaults to `default`. **_PUBLIC_NAMED_URLS_** _List[str]_. A list or tuple of URL names that should be accessible without tokens. If you add a URL in this setting the middleware won't check for tokens. Default is: `[]` **_PUBLIC_URLS_** _List[str]_. A list or tuple of URL regular expressions that should be accessible without tokens. If you add a regex in this setting the middleware won't check matching paths for tokens. Default is `[]`. **_SUPERUSER_GROUP_** _str_. Members of this group will have the django `is_superuser` user flags set. **_STAFF_GROUP_** _str_. Members of this group will have the django `is_staff` user flags set. **_MANAGE_GROUPS_** _bool_. If true the authentication backend will manage django groups for you. ***USE_USERNAME*** *bool*. If true the authentication backend will lookup django users by username rather than email. ## License MIT License Copyright (c) 2020 Matt Magin Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. %package help Summary: Development documents and examples for django-okta-auth Provides: python3-django-okta-auth-doc %description help # Django Okta Auth ## Overview Django Okta Auth is a library that acts as a client for the Okta OpenID Connect provider. The library provides a set of views for login, logout and callback, an auth backend for authentication, a middleware for token verification in requests, and a decorator that can be selectively applied to individual views. It's heavily influenced by [okta-django-samples](https://github.com/zeekhoo-okta/okta-django-samples) but there's a few fundamental changes and further implementation of things like refresh tokens which weren't initially implemented. This project is in no way affiliated with Okta. ## Installation Install from PyPI: pip install django-okta-auth ## Configuration ### Install the App Add `okta_oauth2.apps.OktaOauth2Config` to `INSTALLED_APPS`: ```python INSTALLED_APPS = ( "...", 'okta_oauth2.apps.OktaOauth2Config', "..." ) ``` ### Authentication Backend You will need to install the authentication backend. This extends Django's default `ModelBackend` which uses the configured database for user storage, but overrides the `authenticate` method to accept the `auth_code` returned by Okta's `/authorize` API endpoint [as documented here](https://developer.okta.com/docs/reference/api/oidc/#authorize). The Authentication Backend should be configured as so: ```python AUTHENTICATION_BACKENDS = ("okta_oauth2.backend.OktaBackend",) ``` ### Using the middleware You can use the middleware to check for valid tokens during ever refresh and automatically refresh tokens when they expire. By using the middleware you are defaulting to requiring authentication on all your views unless they have been marked as public in `PUBLIC_NAMED_URLS` or `PUBLIC_URLS`. The order of middleware is important and the `OktaMiddleware` must be below the `SessionMiddleware` and `AuthenticationMiddleware` to ensure that the session and the user are both on the request: ```python MIDDLEWARE = ( 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'okta_oauth2.middleware.OktaMiddleware' ) ``` ### Using the decorator The alternative to using the middleware is to selectively apply the `okta_oauth2.decorators.okta_login_required` decorator to views you wish to protect. When the view is accessed the decorator will check that valid tokens exist on the session, and if they don't then it will redirect to the login. The decorator is applied to a view like so: ```python from okta_oauth2.decorators import okta_login_required @okta_login_required def decorated_view(request): return HttpResponse("i am a protected view") ``` ### Update urls.py Add the `django-okta-auth` views to your `urls.py`. This will provide the `login`, `logout` and `callback` views which are required by the login flows. ```python from django.urls import include, path urlpatterns = [ path('accounts/', include(("okta_oauth2.urls", "okta_oauth2"), namespace="okta_oauth2")), ] ``` ### Setup your Okta Application In the Okta admin console create your application with the following steps: 1. Click `Create New App` 2. Choose the `Web` platform 3. Choose the `OpenID Connect` Sign on method 4. Click the `Create` button 5. Give the application a name and choose a logo if desired 6. Add the URL to the login view as defined in the previous section, eg. `http://localhost:8000/accounts/login/` 7. Click the `Save` button 8. In the General Settings of the application click edit and check `Authorization Code` and the `Refresh Token` under `Allowed grant types`. 9. Save the settings 10. Take note of the `Client ID` and the `Client secret` in the Client Credentials for use in the next section. It is important to note that the `Client secret` is confidential and under no circumstances should be exposed publicly. ### Django Okta Settings Django Okta Auth settings should be specified in your django `settings.py` as follows: ```python OKTA_AUTH = { "ORG_URL": "https://your-org.okta.com/", "ISSUER": "https://your-org.okta.com/oauth2/default", "CLIENT_ID": "yourclientid", "CLIENT_SECRET": "yourclientsecret", "SCOPES": "openid profile email offline_access", # this is the default and can be omitted "REDIRECT_URI": "http://localhost:8000/accounts/oauth2/callback", "LOGIN_REDIRECT_URL": "/", # default "CACHE_PREFIX": "okta", # default "CACHE_ALIAS": "default", # default "PUBLIC_NAMED_URLS": (), # default "PUBLIC_URLS": (), # default "USE_USERNAME": False, # default } ``` ### Login Template The login view will render the `okta_oauth2/login.html` template. It will be passed the following information in the `config` template context variable: ```python { "clientId": settings.OKTA_AUTH["CLIENT_ID"], "url": settings.OKTA_AUTH["ORG_URL"], "redirectUri": settings.OKTA_AUTH["REDIRECT_URI"], "scope": settings.OKTA_AUTH["SCOPES"], "issuer": settings.OKTA_AUTH["ISSUER"] } ``` The easiest way to use this is to implement the [Okta Sign-In Widget](https://developer.okta.com/code/javascript/okta_sign-in_widget/) in your template. A minimal template for the login could be: ```html ``` ## Settings Reference **_ORG_URL_**: _str_. URL Okta provides for your organization account. This is the URL that you log in to for the admin panel, minus the `-admin`. eg, if your admin URL is https://myorg-admin.okta.com/ then your `ORG_URL` should be: https://myorg.okta.com/ **_ISSUER_** _str_. This is the URL for your Authorization Server. If you're using the default authorization server then this will be: `https://{ORG_URL}/oauth2/default` **_CLIENT_ID_** _str_. The Client ID provided by your Okta Application. **_CLIENT_SECRET_** _str_. The Client Secret provided by your Okta Application. **_SCOPES_** _str_. The scopes requested from the OpenID Authorization server. At the very least this needs to be `"openid profile email"` but if you want to use refresh tokens you will need `"openid profile email offline_access"`. This is the default. If you want Okta to manage your groups then you should also include `groups` in your scopes. **_REDIRECT_URI_** _str_. This is the URL to the `callback` view that the okta Sign-In Widget will redirect the browser to after the username and password have been authorized. If the directions in the `urls.py` section of the documentation were followed and your django server is running on `localhost:8000` then this will be: http://localhost:8000/accounts/callback/ **_LOGIN_REDIRECT_URL_** _str_. This is the URL to redirect to from the `callback` after a successful login. Defaults to `/`. **_CACHE_PREFIX_** _str_. The application will utilise the django cache to store public keys requested from Okta in an effort to minimise network round-trips and speed up authorization. This setting will control the prefix for the cache keys. Defaults to `okta`. **_CACHE_ALIAS_** _str_. Specify which django cache should be utilised for storing public keys. Defaults to `default`. **_PUBLIC_NAMED_URLS_** _List[str]_. A list or tuple of URL names that should be accessible without tokens. If you add a URL in this setting the middleware won't check for tokens. Default is: `[]` **_PUBLIC_URLS_** _List[str]_. A list or tuple of URL regular expressions that should be accessible without tokens. If you add a regex in this setting the middleware won't check matching paths for tokens. Default is `[]`. **_SUPERUSER_GROUP_** _str_. Members of this group will have the django `is_superuser` user flags set. **_STAFF_GROUP_** _str_. Members of this group will have the django `is_staff` user flags set. **_MANAGE_GROUPS_** _bool_. If true the authentication backend will manage django groups for you. ***USE_USERNAME*** *bool*. If true the authentication backend will lookup django users by username rather than email. ## License MIT License Copyright (c) 2020 Matt Magin Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. %prep %autosetup -n django-okta-auth-0.8.0 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-django-okta-auth -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Mon May 15 2023 Python_Bot