Django-based authentication system for multi application website

Creation of a django-based webservice that provides user authentication for x number of internal trusted applications across the same domain and trusted domains. In addition, creation of a django-based example endpoint application that can securely authenticate using the system described.

This job is basically a request to create a SSO solution similar to the one described here:

[url removed, login to view]

With the addition of registration via OAuth authorization

All S2S connections between external applications and this application to be created should be secured using public/private key authentication and SSL where possible.

## Deliverables

Example workflows

1. User navigates to one of our endpoint apps for the first time (no existing cookies or sessions) and clicks a registration link.

2. User is shown a page served by the app to be created which offers registration by OAuth providers (Facebook and Google must be preconfigured but app should be extendable to additional OAuth providers). Local user registration must also be possible. Only first name, last name, email, gender and date of birth should be collected (in addition to password for local registration).

3. Local registration requires email address verification which must be handled by the app to be created.

4. After granting OAuth permission or successfully verifiying email for local account creation, user must be returned to endpoint application with session and cookie set.

1. Existing user navigates to one of our endpoint apps and clicks a login link which makes a call to the application to be created.

2. Application verifies user based on still valid cookie and locates unexpired OAuth token from Facebook creates session and returns.

1. Existing user with active session navigates to another website within our domain or a site on a predefined trusted domain.

2. User should be logged in and authenticated on that site.

1. Existing registered user with no session or cookie clicks a registration link from an endpoint application.

2. User had previously registered using Facebook or local registration but now clicks Google for authorization.

3. After receiving permission from Google, application to be created should verify user is unique based on first name, last name, email address. If an existing match is found, the token received from Google should be added to the existing account and login granted. No new account should be created. Users should be able to authenticate using any method as long as their first name, last name and email address match.

Amazon Web Services CSS XML

项目ID： #2786736

关于项目