SSO
===

Tendenci has an oAuth2 client built in that you can use to set up single sign-on (SSO) for your tendenci site. To enable
the oAuth2 client, follow these 3 steps:

1. Add ``oauth2_client`` to the INSTALLED_APPS in your ``conf/settings.py``:
::

    INSTALLED_APPS += ['tendenci.apps.oauth2_client',]



2. Add oauth2 urls to the urlpatterns list in your ``conf/urls.py`` (you can change the url path):
::

    urlpatterns = pre_urlpatterns + [

        #url(r'^', include('example_app.urls')),
        url(r'^oauth2/', include('tendenci.apps.oauth2_client.urls')),
    ] + post_urlpatterns


3. Set up these settings in your ``conf/settings.py`` (adjust yours accordingly):
::

	AUTHENTICATION_BACKENDS = ['tendenci.apps.oauth2_client.backends.AuthenticationBackend'] + AUTHENTICATION_BACKENDS

	OAUTH2_REMOTE_APP_NAME = 'example'
	OAUTH2_CLIENT_ID = 'Example Client ID'
	OAUTH2_CLIENT_SECRET = 'Example Client Secret'
	OAUTH2_ACCESS_TOKEN_URL = 'https://www.example.com/oauth2/token'
	OAUTH2_ACCESS_TOKEN_PARAMS = None
	OAUTH2_AUTHORIZE_URL = 'https://www.example.com/oauth2/authorize'
	OAUTH2_AUTHORIZE_PARAMS = None
	OAUTH2_API_BASE_URL = 'https://www.example.com/'
	OAUTH2_USERINFO_ENDPOINT = 'https://www.example.com/oauth2/userInfo'
	OAUTH2_LOGOUT_REDIRECT_URL = 'https://www.example.com/logout' 
	OAUTH2_CLIENT_KWARGS = {
    	'scope': 'openid profile',
    	'token_endpoint_auth_method': 'client_secret_basic',
   		'token_placement': 'header',
	}
	OAUTH2_USER_ATTR_MAPPING={
    	'username': 'email', 
    	'email': 'email',
    	'first_name': 'given_name',
    	'last_name': 'family_name'
	}
	
For the ``OAUTH2_USER_ATTR_MAPPING`` setting, you can add more fields like ``phone``, ``address``, ``city``, ``state``, 
``zipcode``, ``country``...