From a238920f42e647b1fcb868acfd29f24623615c88 Mon Sep 17 00:00:00 2001
From: jackie / Andrea Ida Malkah Klaura <jackie@diebin.at>
Date: Sun, 11 Apr 2021 20:14:33 +0200
Subject: [PATCH] add section on OIDC client setup to README

---
 README.rst | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/README.rst b/README.rst
index 2c6a229c..e7db5d11 100644
--- a/README.rst
+++ b/README.rst
@@ -92,3 +92,25 @@ with the credentials you have chosen in the ``createsuperuser`` command.
 
 If you are using some placeholder credentials, make sure to change your password
 by visiting http://127.0.0.1:8000/admin/auth/user/1/password/
+
+Configuring OpenID Connect clients
+----------------------------------
+
+To make AuRa usable, you have to set up OpenID Connect (OIDC) clients for the
+*dashboard* and *tank*, so they can make authenticated requests on behalf of
+the user against the *steering* API.
+
+To do so, you can either visit the Django admin interface and create an RSA key
+as well as two clients, or do so programmatically by running::
+
+    (python)$ python manage.py creatersakey
+    (python)$ python manage.py create_oidc_client dashboard public -r "id_token token" -u https://aura-test.o94.at/oidc_callback.html -u https://aura-test.o94.at/oidc_callback_silentRenew.html -p https://aura-test.o94.at/
+    (python)$ python manage.py create_oidc_client tank confidential -r "code" -u https://aura-test.o94.at/tank/auth/oidc/callback
+
+In these examples you will have to *https://aura-test.o94.at* and
+*https://aura-test.o94.at/tank_with* with wherever *dashboard* and *tank* are
+running in your setup. In a local development environment this might be
+something like *http://localhost:8080* and *http://localhost:4000* respectively.
+
+The client id and in case of the tank also the client secret are then needed for
+the configuration of those components.
-- 
GitLab