Django-esteid is a package that provides Esteid based authentication and signing for your Django applications.
Install django-esteid
:
pip install django-esteid
Add esteid
to installed apps:
INSTALLED_APPS = [
# ...
'esteid',
# ...
]
Please refer to the more detailed guides on signing and authentication.
Be sure to read the testing section below.
Static files such as the services' logos and helper JS are also shipped with this library.
Detailed docs are here.
Detailed docs are here.
Detailed docs are here.
You can
esteid.context_processors.esteid_services
adds service enabled/demo statuses to the template context.
This way you can easily manage the necessary services displayed on the auth/signing page.
For a guide to authentication testing, please refer to the authentication readme.
There is a possibility to test the signing flow with ID card, SmartID and Mobile ID (the demo services) with the test views coming with the library.
NOTE: you may not be able to use the live Esteid services even with live credentials. The live services keep an IP address whitelist which only contains IP addresses as specified in customer's contract.
To run the django-esteid test server with the test views,
- install the virtual environment if not installed yet,
- run
./manage.py migrate
to create the SQLite DB for sessions, - run
./manage.py runserver 8765
, where 8765 is a port of your liking
then visit the URL http://localhost:8765/ and follow the instructions on that page.
To test Mobile ID signing, you will need test phone numbers and ID codes.
You can not use real phone numbers or ID codes with the demo service.
To test signing with SmartID, yoy can use the test ID codes.
You can also register a demo SmartID account and use a demo SmartID app to enter the PINs; please visit the demo SmartID portal for the details.
ID card signing requires SSL to work, even in a testing environment.
Note that the signature will not be valid neither with the real certificates, nor with the test ones.
To perform signing with ID card, you would need the chrome-token-signing
browser plugin installed.
apt-get install chrome-token-signing
You can run an HTTPS webserver with ./manage.py runsslserver 127.0.0.1:8765
. It will use a development certificate
coming with the djangosslserver
package.
Note that the cert is self-signed, so you will need to create a security exception in browser.
If you need to create your own cert using openssl:
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name=dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Then start the HTTPS webserver as follows:
python manage.py runsslserver 127.0.0.1:8765 --certificate localhost.crt --key localhost.key
A security exception is also necessary as marked above.
If you don't want to use a self-signed cert you can route the test site through HTTPS with ngrok.
With ngrok
installed, and the ./manage.py runserver 8765
started, run
ngrok http http://127.0.0.1:8765
and it will create a tunnel with an HTTPS URL for your local site.
It's possible to use the command line utility digidoc-tool
from the libdigidocpp library
to verify containers with signatures created by demo services:
digidoc-tool open --tslurl=https://open-eid.github.io/test-TL/tl-mp-test-EE.xml --tslcert=trusted-test-tsl.crt <file>
Instructions on setting up the environment can be found here.