Social Authentication

Overview

OpenCVE supports Social Authentication through the powerful Django Allauth library, which provides a wide array of supported providers. Any provider listed on the Django Allauth Providers Page is also available in OpenCVE.

To enable this functionality, a few additional steps are required within OpenCVE, but once these are complete, you can follow the official Django Allauth documentation to add further providers.

Configuration

To set up Social Authentication on OpenCVE, you'll need to configure some information in the settings.py file.

  1. INSTALLED_APPS: Add the applications required for the providers.
  2. SOCIALACCOUNT_PROVIDERS: Configure each provider, as outlined on the Allauth site.
  3. STATICFILES_DIRS: Point to the directory where icon images are stored for login and registration interfaces.

Example Configuration

In this example, we’ll configure Google and LinkedIn authentication by adding the appropriate applications in INSTALLED_APPS:

# opencve/conf/settings.py
...
INSTALLED_APPS.extend([
    "allauth.socialaccount.providers.google",
    "allauth.socialaccount.providers.openid_connect",
])

Next, configure the providers as specified in the official Django Allauth documentation. For example:

# opencve/conf/settings.py
...
SOCIALACCOUNT_PROVIDERS = {
    "google": {
        # Treat e-mail addresses returned by this provider as already verified.
        "VERIFIED_EMAIL": True,
        "APPS": [
            {
                "provider_id": "google",
                "client_id": "xxxx",
                "secret": "yyyy",
                "key": "",
                "settings": {
                    "scope": [
                        "profile",
                        "email",
                    ],
                    "auth_params": {
                        "access_type": "online",
                    },
                    # Use PKCE for the OAuth authorization code flow.
                    "oauth_pkce_enabled": True
                },
            },
        ]
    },
    "openid_connect": {
        # Treat e-mail addresses returned by this provider as already verified.
        "VERIFIED_EMAIL": True,
        "APPS": [
            {
                "provider_id": "linkedin",
                "name": "LinkedIn",
                "client_id": "xxxx",
                "secret": "yyyy",
                "settings": {
                    "server_url": "https://www.linkedin.com/oauth",
                },
            }
        ]
    }
}

Warning

Make sure to replace the secrets with your actual values.

At this stage, SSO (Single Sign-On) should work correctly. However, you may notice that icons are not displayed properly.

Note

Social application icons are not included in the OpenCVE source code; it’s up to the user to add them manually.

To properly display icons, configure the STATICFILES_DIRS setting to specify the location for the custom icons:

# opencve/conf/settings.py
...
STATICFILES_DIRS.append("/opt/opencve/custom_static")

The icon file names are based on the provider_id keys in SOCIALACCOUNT_PROVIDERS. For instance, here we should have google.png and linkedin.png within an img/icons directory structure:

$ tree /opt/opencve/custom_static
/opt/opencve/custom_static
└── img
    └── icons
        ├── google.png
        └── linkedin.png
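
The following preflight check is an added example, not part of OpenCVE or Django Allauth. It walks a SOCIALACCOUNT_PROVIDERS dict, flags credentials still set to this page's xxxx/yyyy placeholders, and verifies that each provider_id has an img/icons/<provider_id>.png file under one of the STATICFILES_DIRS entries. The function names, the fallback to the provider key when provider_id is absent, and the sample values in demo() are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Placeholder values used in this page's sample configuration.
PLACEHOLDERS = {"", "xxxx", "yyyy"}


def check_social_auth(providers, staticfiles_dirs):
    """Return a list of problems found in a SOCIALACCOUNT_PROVIDERS dict."""
    problems = []
    for provider, conf in providers.items():
        for app in conf.get("APPS", []):
            # Assumption: fall back to the provider key if provider_id is absent.
            pid = app.get("provider_id") or provider
            # Credentials that were never replaced with real values.
            for field in ("client_id", "secret"):
                if app.get(field, "") in PLACEHOLDERS:
                    problems.append(f"{pid}: {field} is empty or a placeholder")
            # Icons are named after provider_id, under img/icons/.
            icon = Path("img") / "icons" / f"{pid}.png"
            if not any((Path(d) / icon).is_file() for d in staticfiles_dirs):
                problems.append(f"{pid}: missing icon {icon.as_posix()}")
    return problems


def demo():
    """Check constructed sample settings where only google.png exists."""
    sample = {
        "google": {
            "APPS": [{"provider_id": "google", "client_id": "xxxx", "secret": "yyyy"}],
        },
        "openid_connect": {
            "APPS": [{"provider_id": "linkedin", "client_id": "constructed-id",
                      "secret": "constructed-secret"}],
        },
    }
    with tempfile.TemporaryDirectory() as root:
        icons = Path(root) / "img" / "icons"
        icons.mkdir(parents=True)
        (icons / "google.png").touch()
        return check_social_auth(sample, [root])


if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against the real settings by passing settings.SOCIALACCOUNT_PROVIDERS and settings.STATICFILES_DIRS; an empty list means no problems were found.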

Now, the icons should appear correctly on both the login and registration screens.