From c49c2cfba36ba227389a78e35f9b1ccb0cbe8003 Mon Sep 17 00:00:00 2001 From: Joshua Laymon Date: Fri, 9 Jan 2026 23:03:06 +0000 Subject: [PATCH] Update web/illustrations/settings.py --- web/illustrations/settings.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/web/illustrations/settings.py b/web/illustrations/settings.py index 869f432..de524fd 100644 --- a/web/illustrations/settings.py +++ b/web/illustrations/settings.py @@ -12,7 +12,7 @@ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") INSTALLED_APPS = [ "django.contrib.admin","django.contrib.auth","django.contrib.contenttypes", "django.contrib.sessions","django.contrib.messages","django.contrib.staticfiles", - "core", + "core","mozilla_django_oidc", ] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", @@ -52,6 +52,12 @@ DATABASES = { } } +AUTHENTICATION_BACKENDS = ( + "core.auth_oidc.AuthentikOIDCBackend", # OIDC via Authentik + "django.contrib.auth.backends.ModelBackend", # keep existing username/password login +) + + LANGUAGE_CODE="en-us" TIME_ZONE="America/Chicago" USE_I18N=True @@ -66,6 +72,21 @@ LOGIN_REDIRECT_URL="/search/" LOGOUT_REDIRECT_URL="/login/" STATICFILES_STORAGE = "django.contrib.staticfiles.storage.ManifestStaticFilesStorage" +# --- Authentik OIDC --- +OIDC_RP_CLIENT_ID = os.getenv("OIDC_RP_CLIENT_ID", "") +OIDC_RP_CLIENT_SECRET = os.getenv("OIDC_RP_CLIENT_SECRET", "") + +OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv("OIDC_OP_AUTHORIZATION_ENDPOINT", "") +OIDC_OP_TOKEN_ENDPOINT = os.getenv("OIDC_OP_TOKEN_ENDPOINT", "") +OIDC_OP_USER_ENDPOINT = os.getenv("OIDC_OP_USER_ENDPOINT", "") +OIDC_OP_JWKS_ENDPOINT = os.getenv("OIDC_OP_JWKS_ENDPOINT", "") + +OIDC_RP_SCOPES = os.getenv("OIDC_RP_SCOPES", "openid email profile") +OIDC_CREATE_USER = True +USE_X_FORWARDED_HOST = True + + + OPENAI_API_KEY = os.environ.get("OPENAI_API_KEY", "") # Ensure MEDIA_ROOT exists (you likely already have this)