Add SSO with Google within the Admin

README.rst

@@ -15,7 +15,8 @@ Features
   partner (customer, provider...), description, responsible of the task, priority...
 * Each task may have items: sub-tasks to be done.
 * The built-in Django *Authentication and Authorization* system
-  to manage users and groups, login, etc.
+  to manage users and groups, login, etc, and optionally SSO with Google
+  within the Admin (`django-google-sso <https://github.com/megalus/django-google-sso>`_).
 * Module `django-adminfilters <https://github.com/mrsarm/django-adminfilters>`_
   that allows multiselection searches.
 * Send emails when a task is created.

coleman/settings.py

@@ -49,6 +49,7 @@
     'django.contrib.staticfiles',
     'django_extensions',
     'health_check',
+    'django_google_sso',
 ]
 
 REST_ENABLED = env.bool('REST_ENABLED', False)
@@ -177,6 +178,15 @@
 }
 
 
+GOOGLE_SSO_ENABLED = env.bool('GOOGLE_SSO_ENABLED', False)
+SSO_SHOW_FORM_ON_ADMIN_PAGE = env.bool('SSO_SHOW_FORM_ON_ADMIN_PAGE', True)
+GOOGLE_SSO_CLIENT_ID = env.str("GOOGLE_SSO_CLIENT_ID", None)
+GOOGLE_SSO_CLIENT_SECRET = env.str('GOOGLE_SSO_CLIENT_SECRET', None)
+GOOGLE_SSO_PROJECT_ID = env.str('GOOGLE_SSO_PROJECT_ID', "django-coleman")
+GOOGLE_SSO_AUTO_CREATE_USERS = True
+GOOGLE_SSO_STAFF_LIST = ["*"]
+GOOGLE_SSO_ALLOWABLE_DOMAINS = env.str('GOOGLE_SSO_ALLOWABLE_DOMAINS', "gmail.com").split(',')
+
 #
 # Custom configurations
 #

coleman/urls.py

@@ -13,9 +13,8 @@
     1. Import the include() function: from django.urls import include, path
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
-from django.urls import re_path, include
+from django.urls import path, re_path, include
 from django.contrib import admin
-from django.urls import path
 from django.conf import settings
 from django.http import HttpResponseRedirect
 
@@ -29,13 +28,19 @@
 
 urlpatterns = [
     re_path('^api/v1/', include(router.urls)),
+    re_path(r'^health/', include('health_check.urls')),
+    path(
+            "google_sso/", include(
+                "django_google_sso.urls",
+                namespace="django_google_sso"
+            )
+        ),
 ]
 
 if settings.ADMIN:
     urlpatterns = [
         re_path(r'^$', lambda r: HttpResponseRedirect('admin/')),   # Remove this redirect if you add custom views
         path('admin/', admin.site.urls),
-        re_path(r'^health/', include('health_check.urls')),
     ] + urlpatterns
 
 admin.site.site_title = admin.site.site_header = settings.SITE_HEADER

requirements/requirements-dev.in

@@ -5,4 +5,5 @@ django-admin-list-filter-dropdown~=1.0.3
 django-adminfilters~=2.1.0
 djangorestframework~=3.15.2
 django-extensions~=3.2.1
+django-google-sso~=6.5.0
 django-health-check~=3.17.0

requirements/requirements-dev.txt

@@ -6,13 +6,20 @@
 #
 asgiref==3.6.0
     # via django
+cachetools==5.5.0
+    # via google-auth
+certifi==2024.7.4
+    # via requests
+charset-normalizer==3.3.2
+    # via requests
 dj-database-url==1.3.0
     # via -r requirements-dev.in
 django==4.2.15
     # via
     #   -r requirements-dev.in
     #   dj-database-url
     #   django-extensions
+    #   django-google-sso
     #   django-health-check
     #   djangorestframework
 django-admin-list-filter-dropdown==1.0.3
@@ -21,17 +28,52 @@ django-adminfilters==2.1.0
     # via -r requirements-dev.in
 django-extensions==3.2.1
     # via -r requirements-dev.in
+django-google-sso==6.5.0
+    # via -r requirements-dev.in
 django-health-check==3.17.0
     # via -r requirements-dev.in
 djangorestframework==3.15.2
     # via -r requirements-dev.in
 environs==9.5.0
     # via -r requirements-dev.in
+google-auth==2.34.0
+    # via
+    #   django-google-sso
+    #   google-auth-httplib2
+    #   google-auth-oauthlib
+google-auth-httplib2==0.2.0
+    # via django-google-sso
+google-auth-oauthlib==1.2.1
+    # via django-google-sso
+httplib2==0.22.0
+    # via google-auth-httplib2
+idna==3.8
+    # via requests
+loguru==0.7.2
+    # via django-google-sso
 marshmallow==3.14.1
     # via environs
+oauthlib==3.2.2
+    # via requests-oauthlib
+pyasn1==0.6.0
+    # via
+    #   pyasn1-modules
+    #   rsa
+pyasn1-modules==0.4.0
+    # via google-auth
+pyparsing==3.1.4
+    # via httplib2
 python-dotenv==0.19.2
     # via environs
+requests==2.32.3
+    # via requests-oauthlib
+requests-oauthlib==2.0.0
+    # via google-auth-oauthlib
+rsa==4.9
+    # via google-auth
 sqlparse==0.5.0
     # via django
 typing-extensions==4.5.0
     # via dj-database-url
+urllib3==2.2.2
+    # via requests