Merge branch 'main' into dev

.github/workflows/docker-ghcr-cd.yaml

@@ -0,0 +1,47 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Create and publish a Docker image
+
+on:
+  release:
+    types:
+      - published
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GH_SECRET }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

docker-prepare.sh

@@ -5,9 +5,9 @@ export EXPFOLDER="examples-docker"
 cp -R examples $EXPFOLDER
 
 # remove dev db
-rm $EXPFOLDER/relying_party/db.sqlite3 
-rm $EXPFOLDER/provider/db.sqlite3 
-rm $EXPFOLDER/federation_authority/db.sqlite3 
+rm -f $EXPFOLDER/relying_party/db.sqlite3 
+rm -f $EXPFOLDER/provider/db.sqlite3 
+rm -f $EXPFOLDER/federation_authority/db.sqlite3 
 
 # Configure the rewrite rules:
 export SUB_AT='s\http://127.0.0.1:8000/\http://trust-anchor.org:8000/\g'

docs/CREATE_A_FEDERATION.md

@@ -15,10 +15,10 @@ __setup__
 
 __configure the federation entity__
 
-Click on _Federation Entity Configuration_ and create your entity, with this informations:
+Click on _Federation Entity Configuration_ and create your entity, with the following information:
 
 - sub
-- jwks (if omitted they will auto provisioned)
+- jwks (if omitted it will auto provisioned)
 - metadata, containing the endpoints that matches to your urls webpaths
 - is_active, must set to True
 
@@ -96,7 +96,7 @@ see [unit tests](https://github.com/italia/spid-cie-oidc-django/blob/main/spid_c
 ### Register a Provider in the Federation
 
 In you project configure the settingslocal.py file and import it in your settings.py file, for all the
- provider configuration parameters see [here](https://github.com/italia/spid-cie-oidc-django/blob/newbranch/docs/technical_specifications/PROVIDER.md).
+ provider configuration parameters see [here](technical_specifications/PROVIDER.md).
 
 
 For CIE or Spid provider configure `OIDCFED_PROVIDER_PROFILE` parameter in settingslocal.py as "cie" or "spid"
@@ -122,8 +122,8 @@ Access to the Federation Authority admin backend and configure your OP as a desc
 In the admin page of your Trust Anchor (http://127.0.0.1:8000/admin) create a descendant entity with the following paramenters:
 
 - OP name
-- sub (eg. 'http://127.0.0.1:8002/oidc/rp/')
-- Jwks, public jwks. If you don't have one please create a pair of private/public using the OnBoarding tool `Create a JWK`
+- sub (eg. 'http://127.0.0.1:8002/oidc/op/')
+- Jwks, public jwks available in the OP's entity configuration
 - is_active, must set to True
 
 ![OP as descendant](images/op_descendant.png)

docs/FEDERATION_ENTITY_API.md

@@ -10,7 +10,7 @@ An entity can be one of:
  - federation_entity (trust anchor or intermediary)
 
 To create an OIDC Federation you have to configure a Trust Anchor first.
-Read [FEDERATION_AUTHORITY](FEDERATION_AUTHORITY.md) to see how to do it.
+Read [FEDERATION_AUTHORITY](CREATE_A_FEDERATION.md) to see how to do it.
 
 ## EntityConfiguration
 

docs/technical_specifications/ENTITY.md

@@ -28,4 +28,4 @@ Examples of requests to this endpoint are:
 
 ### API
 
-See [The Entity API documentation](../docs/FEDERATION_ENTITY_API.md).
+See [The Entity API documentation](../FEDERATION_ENTITY_API.md).

docs/technical_specifications/PROVIDER.md

@@ -6,7 +6,7 @@ AgID SPID guidelines and CIE id guidelines.
 ## General settings
 
 All the Provider settings paramenter are available at
-[spid_cie_oidc.provider.settings](spie_cie_oidc/provider/settings.py) and
+[spid_cie_oidc.provider.settings](../../spid_cie_oidc/provider/settings.py) and
 can be inherited in the general settings file of your project.
 
 These are the following:
@@ -76,10 +76,9 @@ Example
 OIDCFED_PROVIDER_MAX_REFRESH = 1
 ````
 
-- `OIDCFED_PROVIDER_ATTRIBUTES_SPID_MAP` map of attributes for a spid provider, an example [here](https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/provider/settings.py#L31)
-- `OIDCFED_PROVIDER_ATTRIBUTES_CIE_MAP` map of attributes for a cie provider, an example [here](https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/provider/settings.py#L60)
-- `OIDCFED_PROVIDER_ATTRIBUTES_MAP` map of all provider attributes, an example [here](https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/provider/settings.py#L77)
-
+- `OIDCFED_PROVIDER_ATTRIBUTES_SPID_MAP` map of attributes for a spid provider, an example [here](https://github.com/italia/spid-cie-oidc-django/blob/main/spid_cie_oidc/provider/settings.py#L31)
+- `OIDCFED_PROVIDER_ATTRIBUTES_CIE_MAP` map of attributes for a cie provider, an example [here](https://github.com/italia/spid-cie-oidc-django/blob/main/spid_cie_oidc/provider/settings.py#L60)
+- `OIDCFED_PROVIDER_ATTRIBUTES_MAP` map of all provider attributes, an example [here](https://github.com/italia/spid-cie-oidc-django/blob/main/spid_cie_oidc/provider/settings.py#L77)
 - `OIDCFED_PROVIDER_PROFILES_ID_TOKEN_CLAIMS` claims that can be requested to token endpoint.
 
 Example
@@ -125,25 +124,25 @@ OIDCFED_PROVIDER_PROFILES_DEFAULT_ACR = dict(
 )
 ````
 
-- `OIDCFED_ATTRNAME_I18N`, attributes internationalization, an example [here](, an example [here](https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/provider/settings.py#L125))
+- `OIDCFED_ATTRNAME_I18N`, attributes internationalization, an example [an example here](https://github.com/italia/spid-cie-oidc-django/blob/main/spid_cie_oidc/provider/settings.py#L125).
 
 ## Endpoints
 
-the webpath where the provider serve its features are the followins.
+The webpath where the provider serve its features are the following.
 
 ### entity configuration (.well-known/openid-federation)
 
-As inherited from [__spid_cie_oidc.entity__](docs/tecnhical_specifications/ENTITY.md).
+As inherited from [__spid_cie_oidc.entity__](ENTITY.md).
 
 ### authorization
 
 The webpath is customizable in the `urls.py` file and by default it's
-configured [here](https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/provider/urls.py#L16) 
+configured [here](https://github.com/italia/spid-cie-oidc-django/blob/main/spid_cie_oidc/provider/urls.py#L16) 
 and correspond to `spid_cie_oidc.provider.views.AuthzRequestView`.
 
 The Authorization Endpoint support the use of the HTTP GET and POST methods.
 
-An exemple of accepted request is [heare](https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/onboarding/tests/authn_request_settings.py#L30)
+An exemple of accepted request is [here](https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/onboarding/tests/authn_request_settings.py#L30)
 
 In the case of successful user authentication, the response contains the following parameters: