In order to create user accounts in Open edX and permit authentication from xPro to Open edX, you need to configure xPro as an OAuth2 provider for Open edX.
The following steps are inspired by edx-devstack.
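```
# Clone devstack and check out the maple release
$ mkdir openedx
$ cd openedx
$ git clone https://github.com/edx/devstack
$ cd devstack
$ git checkout open-release/maple.master
$ make requirements
$ export OPENEDX_RELEASE=maple.master
$ make dev.clone

# Clone mitodl's edx-platform and check out the xpro/maple branch
$ cd ..
$ git clone https://github.com/mitodl/edx-platform
$ cd edx-platform
$ git checkout xpro/maple

# Pull the latest images and provision (run from the devstack directory)
$ cd ../devstack
$ make pull
$ make dev.provision

# Start the servers
$ make dev.up

# Stop the servers
$ make stop
```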
There are two options for installing `social-auth-mitxpro`:

- Install the published package with pip: `pip install social-auth-mitxpro`
- Install from a local build:
  - Check out the social-auth-mitxpro project and build the package per the project instructions
  - Copy the `social-auth-mitxpro-$VERSION.tar.gz` file into devstack's `edx-platform` directory
  - In devstack, run `make lms-shell` and within that shell `pip install social-auth-mitxpro-$VERSION.tar.gz`
    - To update to a new development version without having to actually bump the package version, simply `pip uninstall social-auth-mitxpro`, then install again
There are two options for installing `openedx-companion-auth`:

- Install the published package with pip: `pip install openedx-companion-auth`
- Install from a local build:
  - Check out the openedx-companion-auth project and build the package as per the project instructions
  - Copy the `openedx-companion-auth-$VERSION.tar.gz` file from the `dist` folder into devstack's `edx-platform` directory
  - In devstack, run `make lms-shell` and within that shell `pip install openedx-companion-auth-$VERSION.tar.gz`
    - To update to a new development version without having to actually bump the package version, simply `pip uninstall -y openedx-companion-auth`, then install again
In xPro:

- Go to `/admin/oauth2_provider/application/` and create a new application with these settings selected:
  - Redirect uris: `http://<EDX_HOSTNAME>:18000/auth/complete/mitxpro-oauth2/`
    - [OSX users] You will need redirect uris for both the local edX host alias and for `host.docker.internal`. This value should be:

      ```
      http://edx.odl.local:18000/auth/complete/mitxpro-oauth2/
      http://host.docker.internal:18000/auth/complete/mitxpro-oauth2/
      ```
    - [Linux users] You will need redirect uris for both the local edX host alias and for the gateway IP of the docker-compose networking setup for xPro as found via `docker network inspect mitxpro_default`:

      ```
      http://edx.odl.local:18000/auth/complete/mitxpro-oauth2/
      http://<GATEWAY_IP>:18000/auth/complete/mitxpro-oauth2/
      ```

      `GATEWAY_IP` should be something like `172.19.0.1`.
  - Client type: "Confidential"
  - Authorization grant type: "Authorization code"
  - Skip authorization: checked
  - Other values are arbitrary but be sure to fill them all out. Save the client id and secret for later.
In Open edX (derived from instructions here):

- `make lms-shell` into the LMS container and ensure the following settings in `/edx/etc/lms.yml`:

  ```yaml
  FEATURES:
    ALLOW_PUBLIC_ACCOUNT_CREATION: true
    ENABLE_COMBINED_LOGIN_REGISTRATION: true
    ENABLE_OAUTH2_PROVIDER: true
    ENABLE_THIRD_PARTY_AUTH: true
    ...
  REGISTRATION_EXTRA_FIELDS:
    ...
    country: hidden
    ...
  SOCIAL_AUTH_OAUTH_SECRETS:
    mitxpro-oauth2: <xpro_application_client_secret>
  THIRD_PARTY_AUTH_BACKENDS:
    - social_auth_mitxpro.backends.MITxProOAuth2
  ```
- `make lms-restart` to pick up the configuration changes
- Log in to django-admin, go to `http://<EDX_HOSTNAME>:18000/admin/third_party_auth/oauth2providerconfig/`, and create a new config:
  - Select the default example site
  - The slug field MUST match the `Backend.name`, which for us is `mitxpro-oauth2`
  - Client Id should be the client id from the xPro Django OAuth Toolkit Application
  - Check the following checkboxes:
    - Skip hinted login dialog
    - Skip registration form
    - Sync learner profile data
    - Enable SSO id verification
  - In "Other settings", put:

    ```json
    {
      "AUTHORIZATION_URL": "http://<LOCAL_XPRO_ALIAS>:8053/oauth2/authorize/",
      "ACCESS_TOKEN_URL": "http://<EXTERNAL_XPRO_HOST>:8053/oauth2/token/",
      "API_ROOT": "http://<EXTERNAL_XPRO_HOST>:8053/"
    }
    ```
    - `LOCAL_XPRO_ALIAS` should be your `/etc/hosts` alias for the mitxpro app
    - `EXTERNAL_XPRO_HOST` will depend on your OS, but it needs to be resolvable within the edx container
      - Linux users: The gateway IP of the docker-compose networking setup for xPro as found via `docker network inspect mitxpro_default`
      - OSX users: Use `host.docker.internal`
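The redirect uris for the xPro application and the "Other settings" JSON both depend on which host each URL is reached from, and a mismatch is easy to miss. The following is an added example, not part of the xPro or Open edX code: a small pre-flight check that reads the gateway IP from `docker network inspect` output, builds the two redirect uris, and reports "Other settings" entries that point at the wrong host. The function names and the sample inspect output are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

BACKEND = "mitxpro-oauth2"           # Backend.name / provider slug from the page
LMS_PORT, XPRO_PORT = 18000, 8053    # devstack ports used on the page

# Constructed, trimmed sample of `docker network inspect mitxpro_default` output.
SAMPLE_INSPECT = """[{"Name": "mitxpro_default", "IPAM": {"Config":
  [{"Subnet": "172.19.0.0/16", "Gateway": "172.19.0.1"}]}}]"""

def gateway_ip(inspect_json):
    """Return the first gateway IP listed in the network's IPAM config."""
    for net in json.loads(inspect_json):
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if cfg.get("Gateway"):
                return cfg["Gateway"]
    raise ValueError("no gateway in inspect output")

def redirect_uris(edx_alias, container_host):
    """Redirect uris for the xPro app: local edX alias plus gateway/docker host."""
    return [f"http://{host}:{LMS_PORT}/auth/complete/{BACKEND}/"
            for host in (edx_alias, container_host)]

def check_other_settings(other, xpro_alias, external_host):
    """Return problems found in the provider config's "Other settings" JSON."""
    expected = {
        "AUTHORIZATION_URL": (xpro_alias, "/oauth2/authorize/"),  # followed by the browser
        "ACCESS_TOKEN_URL": (external_host, "/oauth2/token/"),    # called from the LMS container
        "API_ROOT": (external_host, "/"),                         # called from the LMS container
    }
    problems = []
    for key, (host, path) in expected.items():
        url = urlsplit(other.get(key, ""))
        if (url.hostname, url.port, url.path) != (host, XPRO_PORT, path):
            problems.append(f"{key}: expected http://{host}:{XPRO_PORT}{path}")
    return problems

if __name__ == "__main__":
    gw = gateway_ip(SAMPLE_INSPECT)
    print("\n".join(redirect_uris("edx.odl.local", gw)))
    other = {  # constructed: token URL wrongly uses the /etc/hosts alias
        "AUTHORIZATION_URL": "http://xpro.odl.local:8053/oauth2/authorize/",
        "ACCESS_TOKEN_URL": "http://xpro.odl.local:8053/oauth2/token/",
        "API_ROOT": f"http://{gw}:8053/",
    }
    print(check_other_settings(other, "xpro.odl.local", gw))
```

On OSX, pass `host.docker.internal` as the container-reachable host instead of calling `gateway_ip`.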
- In Open edX:
  - Go to `/admin/oauth2_provider/application/` and verify that an application named 'edx-oauth-app' exists with these settings:
    - Redirect uris: `http://xpro.odl.local:8053/login/_private/complete`
    - Client type: "Confidential"
    - Authorization grant type: "Authorization code"
    - Skip authorization: checked
    - Other values are arbitrary but be sure to fill them all out. Save the client id and secret for later.
- In xPro:
  - Set `OPENEDX_API_CLIENT_ID` to the client id
  - Set `OPENEDX_API_CLIENT_SECRET` to the client secret
- In Open edX, configure `settings.IDA_LOGOUT_URI_LIST` to be a list including the full url to `<protocol>://<hostname>[:<port>]/logout` in xPro
  - For devstack, this means modifying the value in `edx-platform/lms/envs/devstack.py` to include `http://xpro.odl.local:8053/logout`
  - For production, this setting can go in `lms.env.json` under the key `IDA_LOGOUT_URI_LIST` as a JSON array with that string in it
- In xPro:
  - Set `LOGOUT_REDIRECT_URL` to the full path to the edx `/logout` view.
    - For local development this will be `http://<EDX_HOSTNAME>:18000/logout`
- In Open edX, create a staff user and then under `/admin/oauth2_provider/accesstoken/` add an access token. The value of said token needs to match the value set for the `OPENEDX_SERVICE_WORKER_API_TOKEN` key in the xPro app.