# Setup

## Shop Product

- In Django Shop App, create a new product (Products model).
- `SKU` must be `VV`, Price 30000 (300_00 -> 300.00 CHF), name & description can be anything.
- Done for staging but not yet for production!

## Datatrans

- Set `DATATRANS_BASIC_AUTH_KEY`:
  - https://admin.sandbox.datatrans.com/MenuDispatch.jsp?main=1&sub=4
  - `echo -n "{merchantid}:{password}" | base64`

- Set `DATATRANS_HMAC_KEY`:
  - https://admin.sandbox.datatrans.com/MerchSecurAdmin.jsp

- Ensure that the webhook is set up correctly by Datatrans:
  - By default, transitions from `initialized` to `failed` do not trigger the webhook.
  - Edge case: When a user starts a Datatrans payment and then closes the browser, the payment will be in `initialized` state forever. -> That's why we need the webhook for `initialized` -> `failed` transitions.
  - This can and needs to be enabled by Datatrans (according to Mario from Datatrans).
    - Livio 21.11.23: Mario promised to enable it.
    - Livio 27.11.23: Not yet enabled for the sandbox. -> Followed up!
    - Livio: TODO still not enabled. Follow up again!

### Production / "going live"

For Production: We use the proper production Datatrans endpoint!

1. Coordinate with Datatrans to get a production account.
2. Set `DATATRANS_BASIC_AUTH_KEY` and `DATATRANS_HMAC_KEY` to the production values (see above).
3. Ensure that the webhook is set up correctly by Datatrans (see above).

## OAUTH

Make sure that the following env vars are set:

### Azure B2C

- Set `OAUTH_SIGNUP_CLIENT_ID`
- Set `OAUTH_SIGNUP_CLIENT_SECRET`
- Set `OAUTH_SIGNUP_SERVER_METADATA_URL` (.well-known/openid-configuration)
- Set `OAUTH_SIGNUP_TENANT_ID`

### Keycloak

- Set `OAUTH_SIGNIN_CLIENT_ID`
- Set `OAUTH_SIGNIN_CLIENT_SECRET`
- Set `OAUTH_SIGNIN_SERVER_METADATA_URL` (.well-known/openid-configuration)

### Redirect URIs

- Set `OAUTH_SIGNUP_REDIRECT_URI` (`.../sso/login` e.g. `https://myvbv-stage.iterativ.ch/sso/login`)
- Set `OAUTH_SIGNIN_REDIRECT_URI` (`.../sso/callback` e.g. `https://myvbv-stage.iterativ.ch/sso/callback`)

### Frontend:

- Update `VITE_OAUTH_API_BASE_URL` in `caprover_deploy.sh` for production.
  - NEEDS to be updated! Should be the SSO Prod one from Lernnetz -> Lookup from Metadata URL

### Cleanup

After everything runs fine, we should be able to remove the following env vars:

1. `IT_OAUTH_TENANT_ID`
2. `IT_OAUTH_CLIENT_NAME`
3. `IT_OAUTH_CLIENT_ID`
4. `IT_OAUTH_CLIENT_SECRET`
5. `IT_OAUTH_API_BASE_URL`
6. `IT_OAUTH_LOCAL_REDIRECT_URI`
7. `IT_OAUTH_SERVER_METADATA_URL`
8. `IT_OAUTH_SCOPE`

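A preflight check for the variables listed in this document, added here as an example and not part of the project's code. The function name `check_env`, the https-only rule and the message wording are assumptions; the variable names, URL suffixes and the `merchantid:password` format come from the lists above.

```python
import base64
import binascii
from urllib.parse import urlparse

# Variables this checklist says must be set.
REQUIRED = [
    "DATATRANS_BASIC_AUTH_KEY", "DATATRANS_HMAC_KEY",
    "OAUTH_SIGNUP_CLIENT_ID", "OAUTH_SIGNUP_CLIENT_SECRET",
    "OAUTH_SIGNUP_SERVER_METADATA_URL", "OAUTH_SIGNUP_TENANT_ID",
    "OAUTH_SIGNIN_CLIENT_ID", "OAUTH_SIGNIN_CLIENT_SECRET",
    "OAUTH_SIGNIN_SERVER_METADATA_URL",
    "OAUTH_SIGNUP_REDIRECT_URI", "OAUTH_SIGNIN_REDIRECT_URI",
]
# Path suffix each URL-valued variable must have, per the checklist.
URL_SUFFIX = {
    "OAUTH_SIGNUP_SERVER_METADATA_URL": "/.well-known/openid-configuration",
    "OAUTH_SIGNIN_SERVER_METADATA_URL": "/.well-known/openid-configuration",
    "OAUTH_SIGNUP_REDIRECT_URI": "/sso/login",
    "OAUTH_SIGNIN_REDIRECT_URI": "/sso/callback",
}


def check_env(env):
    """Return a list of problems found in env; an empty list means it passed."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    for name, suffix in URL_SUFFIX.items():
        value = env.get(name)
        if not value:
            continue  # already reported as not set
        url = urlparse(value)
        # Assumption: deployed environments use https only.
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{name} must be an absolute https URL")
        elif not url.path.endswith(suffix):
            problems.append(f"{name} path must end with {suffix}")
    key = env.get("DATATRANS_BASIC_AUTH_KEY")
    if key:
        try:
            decoded = base64.b64decode(key, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            problems.append("DATATRANS_BASIC_AUTH_KEY: not valid base64")
        else:
            if decoded != decoded.strip():  # e.g. `echo` used without -n
                problems.append("DATATRANS_BASIC_AUTH_KEY: stray whitespace")
            elif not all(decoded.partition(":")):
                problems.append("DATATRANS_BASIC_AUTH_KEY: expected merchantid:password")
    # All eight variables in the Cleanup list share the IT_OAUTH_ prefix.
    problems += [f"{name} is legacy and should be removed"
                 for name in sorted(env) if name.startswith("IT_OAUTH_")]
    return problems
```

Call it as `check_env(os.environ)` in a deploy step and fail the deploy when the returned list is not empty; the check reports only variable names, never the decoded secret.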