Merge branch 'readme-oidc' into 'master'

Add oidc info to README See merge request !247

Merge branch 'readme-oidc' into 'master'
Add oidc info to README See merge request !247
740d8f62 · Andreas Ellewsen · c800ce78 · c7215d52 · 740d8f62
Commit 740d8f62 authored 3 years ago by Andreas Ellewsen
--- a/README.md
+++ b/README.md
@@ -28,6 +28,25 @@ Local configuration is read from `gregsite/settings/local.py`. Put secrets and l

 Any settings in `local.py` override definitions in `base.py`, `dev.py` and `prod.py`.

+### Login
+
+Sponsors and Guests are expected to log in using Feide/ID-porten through Dataporten.
+For development you can make a client at https://dashboard.dataporten.no/.
+For production the institution's Feide admin must do it for you.
+
+The following settings must be set:
+
+- Client type: "Confidential"
+- Callback url: http://localhost:8000/oidc/callback/ for dev or https://your.domain/oidc/callback for prod
+- Scopes: email, openid, userid, userid-feide, userid-nin, profile, iss.
+- Require user interaction box: Checked
+
+Auth Providers depends on what you're doing. For development you want at least _Feide guest users_ or _Feide test users_ checked. For production you want _IDporten_ and whichever institution you're configuring.
+
+Take care to also set the OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET values in the local.py settings file (if you're using the regular deployment this is done in a separate repository).
+
+Note also that there are a series of other settings variables related to this in the base.py settings file, that will need other values in case you choose to use a different login provider than Dataporten.
+
 ## Development

    python manage.py migrate