The following examples show best practices for using Okta's Sign-In Widget and AuthJS SDK with Django
AcmeHealth is a starter project for developers looking to incorporate OAuth2/OpenID Connect into their web applications. Using industry best practices, the AcmeHealth project will provide you with an end-to-end example of common authentication scenarios.
| Scenario | Summary |
|---|---|
| Authentication | Using the Authorization Code Grant, the Sign-In Widget and AuthJS SDK, request an authorization code from Okta or the Social IDP |
| Code Extraction | Parsed from the /callback URL query parameter, the code is exchanged for an id_token and access_token from Okta |
| Validate Token | If an id_token is requested, it is validated per OpenID Spec 3.1.3.7. If id_token is valid, a local user is created / matched |
| Set Session | Sets a session cookie upon successful login |
| Sample | Button |
|---|---|
| Redirect to IdP (Okta) |  |
| Simple Login Experience using Sign-In Widget |  |
| Social IdP (LinkedIn) |  |
###Pre-requisites This sample application was tested with an Okta organization. If you do not have an Okta organization, you can easily sign up for a free Developer Okta org.
- Verify OpenID Connect is enabled for your Okta organization.
Admin -> Applications -> Add Application -> Create New App -> OpenID Connect
- If you do not see this option, email [email protected] to enable it.
- In the Create A New Application Integration screen, click the Platform dropdown and select Web
- Press Create. When the page appears, enter an Application Name. Press Next.
- Add the following to the list of Redirect URIs:
http://localhost:8080http://localhost:8080/stateful/callback
- Click Finish to redirect back to the General Settings of your application.
- Copy the Client ID, as it will be needed for the client configuration.
- Select the Edit button and change the Client Authentication to Client Secret. Copy the Client Secret, as it will be needed for the client configuration.
- Enable CORS access to your Okta organization
- In the navigation bar, select Security then API.
- Select the CORS tab
- Click the Edit button and add
http://localhost:8080 - Save
- Finally, select the People tab and Assign to People in your organization.
With a local copy of the samples, use the following commands on Mac OS X or Linux:
$ virtualenv venv
$ source venv/bin/activate
$ pip install -r requirements.txt
Begin by syncing the local database for User authentication.
$ python manage.py migrate
Start the web server with python manage.py runserver [PORT] in the /acmehealth_django project repository. (Hint) You should see the manage.py file.
$ python manage.py runserver 8080
Navigate to http://localhost:8080/stateful/login to login using the Okta Sign-In Widget or the Okta AuthJS SDK.