# Setup

## Shop Product

- In Django Shop App, create a new product (Products model).
  - `SKU` must be `VV`, Price 30000 (300_00 -> 300.00 CHF), name & description can be anything.
- Done for staging but not yet for production!

## Datatrans

- Set `DATATRANS_BASIC_AUTH_KEY`:
  - https://admin.sandbox.datatrans.com/MenuDispatch.jsp?main=1&sub=4
  - `echo -n "{merchantid}:{password}" | base64`
- Set `DATATRANS_HMAC_KEY`:
  - https://admin.sandbox.datatrans.com/MerchSecurAdmin.jsp
- Ensure that the webhook is set up correctly by Datatrans:
  - By default, transitions from `initialized` to `failed` do not trigger the webhook.
  - Edge case: When a user starts a Datatrans payment and then closes the browser, the payment will be in `initialized` state forever. -> That's why we need the webhook for `initialized` -> `failed` transitions.
  - This can and needs to be enabled by Datatrans (according to Mario from Datatrans).
    - Livio 21.11.23: Mario promised to enable it,
    - Livio 27.11.23. Not yet enabled for the sandbox. -> Followed up!
    - Livio: TODO still not enabled. Follow up again!

### Production / "going live"

For Production: We use the proper production Datatrans endpoint!

1. Coordinate with Datatrans to get a production account.
2. Set `DATATRANS_BASIC_AUTH_KEY` and `DATATRANS_HMAC_KEY` to the production values (see above).
3. Ensure that the webhook is set up correctly by Datatrans (see above).

## OAUTH

Make sure that the following env vars are set:

### Azure B2C

- Set `OAUTH_SIGNUP_CLIENT_ID`
- Set `OAUTH_SIGNUP_CLIENT_SECRET`
- Set `OAUTH_SIGNUP_SERVER_METADATA_URL` (.well-known/openid-configuration)
- Set `OAUTH_SIGNUP_TENANT_ID`

### Keycloak

- Set `OAUTH_SIGNIN_CLIENT_ID`
- Set `OAUTH_SIGNIN_CLIENT_SECRET`
- Set `OAUTH_SIGNIN_SERVER_METADATA_URL` (.well-known/openid-configuration)

### Redirect URIs

- Set `OAUTH_SIGNUP_REDIRECT_URI` (`.../sso/login` e.g. `https://myvbv-stage.iterativ.ch/sso/login`)
- Set `OAUTH_SIGNIN_REDIRECT_URI` (`.../sso/callback` e.g. `https://myvbv-stage.iterativ.ch/sso/callback`)

### Frontend:

- Update `VITE_OAUTH_API_BASE_URL` in `caprover_deploy.sh` for production.
  - NEEDS to be updated! Should be the SSO Prod one from Lernnetz -> Lookup from Metadata URL

### Cleanup

After everything runs fine, we should be able to remove the following env vars:

1. `IT_OAUTH_TENANT_ID`
2. `IT_OAUTH_CLIENT_NAME`
3. `IT_OAUTH_CLIENT_ID`
4. `IT_OAUTH_CLIENT_SECRET`
5. `IT_OAUTH_API_BASE_URL`
6. `IT_OAUTH_LOCAL_REDIRECT_URI`
7. `IT_OAUTH_SERVER_METADATA_URL`
8. `IT_OAUTH_SCOPE`
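
A preflight check for the variables listed in this checklist, added here as an example and not part of the project's own code. The function name `check_env` and the https requirement on the redirect URIs are assumptions; it also catches a `DATATRANS_BASIC_AUTH_KEY` that was encoded without `echo -n` and flags leftover `IT_OAUTH_*` variables from the cleanup list.

```python
import base64
import os
from urllib.parse import urlparse

# Variable names come from the checklist; everything else is illustrative.
REQUIRED = [
    "DATATRANS_BASIC_AUTH_KEY", "DATATRANS_HMAC_KEY",
    "OAUTH_SIGNUP_CLIENT_ID", "OAUTH_SIGNUP_CLIENT_SECRET",
    "OAUTH_SIGNUP_SERVER_METADATA_URL", "OAUTH_SIGNUP_TENANT_ID",
    "OAUTH_SIGNIN_CLIENT_ID", "OAUTH_SIGNIN_CLIENT_SECRET",
    "OAUTH_SIGNIN_SERVER_METADATA_URL",
    "OAUTH_SIGNUP_REDIRECT_URI", "OAUTH_SIGNIN_REDIRECT_URI",
]
REDIRECT_SUFFIX = {
    "OAUTH_SIGNUP_REDIRECT_URI": "/sso/login",
    "OAUTH_SIGNIN_REDIRECT_URI": "/sso/callback",
}


def check_env(env):
    """Return a list of problems as strings; secret values are never included."""
    problems = [f"{name}: not set" for name in REQUIRED if not env.get(name)]
    key = env.get("DATATRANS_BASIC_AUTH_KEY")
    if key:
        try:
            decoded = base64.b64decode(key, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            problems.append("DATATRANS_BASIC_AUTH_KEY: not valid base64")
        else:
            merchant, sep, password = decoded.partition(":")
            if not (merchant and sep and password):
                problems.append("DATATRANS_BASIC_AUTH_KEY: expected merchantid:password")
            elif decoded != decoded.strip():
                # Typical cause: `echo` without -n encoded a trailing newline.
                problems.append("DATATRANS_BASIC_AUTH_KEY: stray whitespace in credentials")
    for name, suffix in REDIRECT_SUFFIX.items():
        url = urlparse(env.get(name) or "")
        # Assumption: staging and production redirect URIs must use https.
        if env.get(name) and not (url.scheme == "https" and url.path.endswith(suffix)):
            problems.append(f"{name}: expected https URL ending in {suffix}")
    for name in sorted(n for n in env if n.startswith("IT_OAUTH_")):
        problems.append(f"{name}: legacy variable still set")
    return problems


if __name__ == "__main__":
    print("\n".join(check_env(os.environ)) or "environment OK")
```

Running the file directly checks the current process environment, so it can be called from a deploy script before the app starts.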