Metadata-Version: 2.4
Name: django-lux-sso
Version: 0.1.1
Summary: Optional OIDC SSO provider plugin for django-lux.
Author-email: DeBeski <debeski1@gmail.com>
License: MIT
Project-URL: Homepage, https://github.com/debeski/django-lux
Classifier: Framework :: Django
Classifier: Framework :: Django :: 5
Classifier: Framework :: Django :: 6
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: License :: OSI Approved :: MIT License
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: Django>=5.1
Requires-Dist: django-lux>=1.0.0
Requires-Dist: django-oauth-toolkit[oidc]>=3.0
Requires-Dist: cryptography>=42.0

# django-lux-sso

Optional OIDC provider plugin for `django-lux`.

This package is intentionally separate from core `django-lux`. Install it only
in the Dlux deployment that should act as the identity provider.

Connected projects can be written in any stack that supports OpenID Connect
Authorization Code flow. The Django client package is only a convenience SDK for
Django projects; PHP, .NET, JavaScript, Java, Go, mobile, and desktop clients
should use their standard OIDC libraries.

```python
from dlux_sso.settings import dlux_sso_settings

dlux_sso_settings(globals())
```

Then mount the provider URLs explicitly:

```python
from django.urls import include, path

urlpatterns = [
    path("", include("dlux.urls")),
    path("", include("dlux_sso.urls")),
]
```

Generic OIDC clients should prefer provider discovery:

```text
https://sso.example.com/o/.well-known/openid-configuration/
```

The portable role claim is `dlux_sso_role`, with one of `admin`, `staff`, or
`user`.
