Multiple backend of the same type or DB driven settings

[vahidkowsari]

Hi,

This is just a general question as to how to use this library. We have started using this library for our application and using keycloak, OIDC and Okta configurations. We are a multitenant platform that needs to have multiple OIDC client apps each integrated into our system with each using different ID providers authoenticating the users which drop into users with different roles and organizations in our system.

The way I understand it is that currently thse OAUTH2 apps are to be configured in the django settings. I have looked into developing our own strategy and part ways thru that but also realize that in order to return settings for each of those backends additional work needs to be done. In addition the default PSA endpoints dont take any parameters for the backend so you could only have that backend once in the system.

Is what I am describing possible to do? Are there any genernal platform implementations of PSA with django that can do this?

Thanks

[digismack]

Hello! Yes, this is 100% possible to do. At work we use a DynamoDB table to store configuration objects for various customers. We can then call those configurations up by customer id and generate whatever links are needed to send the user over to the IdP. I'm not aware of any general platform implementations of this, but it is for sure possible with a little elbow grease.

[vahidkowsari]

Great Thanks @digismack,
Do you have some general suggestion on how to do this? I think we are mainly overriridng our own strategy to read the backends and their config and turn those into settings for PSA. Is that you did?

[digismack]

Great Thanks @digismack, Do you have some general suggestion on how to do this? I think we are mainly overriridng our own strategy to read the backends and their config and turn those into settings for PSA. Is that you did?

Yep! Customizing your applications Strategy class, particularly overriding the get_setting method, is a good way to supplant the default settings-based lookup in the Django sample app with your own custom configuration management.

[ShaheedHaque]

See what I did on StackOverflow. I hope that helps...OTOH, I am not an expert, so I may done done something terribly wrong...

[johnnymetz]

Any tips on overriding the strategy for a single backend? I see the SOCIAL_AUTH_STRATEGY but that appears to override the strategy for all backends.

[nijel]

The settings name passed to the get_setting method are prefixed with the backend name, that could be easily used to customize behavior for certain backend or variables only.

Still, I'm not sure if this is something generic that could be implemented here. See also #362