feat: Be able to login to bare-metal studio easily.

Updating the documentation and the devstack.py files so that if you're running bare-metal you can easily setup studio login via the LMS. I also added the Ports that the various MFEs expect to the runserver scripts so that it's easier to run those locally as well.
openedx · Aug 21, 2024 · 56d7c01 · 56d7c01
1 parent baf5de2
commit 56d7c01
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/README.rst b/README.rst
@@ -124,18 +124,33 @@ sites)::
   ./manage.py lms collectstatic
   ./manage.py cms collectstatic
 
+Setup Studio SSO for Development::
+
+  ./manage.py lms manage_user studio_worker example@example.com --unusable-password
+  # DO NOT DO THIS IN PRODUCTION it will make your auth insecure
+  ./manage.py lms create_dot_application --grant-type authorization-code --skip-authorization --redirect-uris "http://localhost:18010/complete/edx-oauth2/" --scopes "user_id" studio-sso studio_worker --client-id studio-sso-key --client-secret studio-sso-secret
+
+Setup Studio SSO for Production::
+
+  ./manage.py lms manage_user studio_worker <email@yourcompany.com> --unusable-password
+  ./manage.py lms create_dot_application --grant-type authorization-code --skip-authorization --redirect-uris "http://localhost:18010/complete/edx-oauth2/" --scopes "user_id" studio-sso studio_worker
+  # Login to the django admin site (eg. http://localhost:18000/admin/oauth2_provider/application/)
+  # to view the credentials for the 'studio-sso' app and set them in the config
+  # for your production studio deployment using the `SOCIAL_AUTH_EDX_OAUTH2_KEY`
+  # and `SOCIAL_AUTH_EDX_OAUTH2_SECRET` values in your studio settings.
+
 Run the Platform
 ----------------
 
 First, ensure MySQL, Mongo, and Memcached are running.
 
 Start the LMS::
 
-  ./manage.py lms runserver
+  ./manage.py lms runserver 18000
 
 Start the CMS::
 
-  ./manage.py cms runserver
+  ./manage.py cms runserver 18010
 
 This will give you a mostly-headless Open edX platform. Most frontends have
 been migrated to "Micro-Frontends (MFEs)" which need to be installed and run

diff --git a/cms/envs/devstack.py b/cms/envs/devstack.py
@@ -267,7 +267,8 @@ def should_show_debug_toolbar(request):  # lint-amnesty, pylint: disable=missing
 ################ Using LMS SSO for login to Studio ################
 SOCIAL_AUTH_EDX_OAUTH2_KEY = 'studio-sso-key'
 SOCIAL_AUTH_EDX_OAUTH2_SECRET = 'studio-sso-secret'  # in stage, prod would be high-entropy secret
-SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = 'http://edx.devstack.lms:18000'  # routed internally server-to-server
+# routed internally server-to-server
+SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = ENV_TOKENS.get('SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT', 'http://edx.devstack.lms:18000')
 SOCIAL_AUTH_EDX_OAUTH2_PUBLIC_URL_ROOT = 'http://localhost:18000'  # used in browser redirect
 
 # Don't form the return redirect URL with HTTPS on devstack

diff --git a/lms/envs/minimal.yml b/lms/envs/minimal.yml
@@ -36,3 +36,6 @@ LMS_INTERNAL_ROOT_URL: "http://localhost"
 
 # So that Swagger config code doesn't complain
 API_ACCESS_MANAGER_EMAIL: "api-access@example.com"
+
+# So that you can login to studio on bare-metal
+SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT: 'http://localhost:18000'