diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index af7e894bb..9da01d51b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -60,6 +60,12 @@ jobs:
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
LOGIN_PEM: ${{ secrets.LOGIN_PEM }}
+ LOGIN_DOT_GOV_CLIENT_ID: "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov"
+ LOGIN_DOT_GOV_USER_INFO_URL: "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo"
+ LOGIN_DOT_GOV_ACCESS_TOKEN_URL: "https://idp.int.identitysandbox.gov/api/openid_connect/token"
+ LOGIN_DOT_GOV_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&post_logout_redirect_uri=https://notify-staging.app.cloud.gov/sign-out"
+ LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?"
+ LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://notify-staging.app.cloud.gov/sign-out"
with:
cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -74,6 +80,13 @@ jobs:
--var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
--var NR_BROWSER_KEY="$NR_BROWSER_KEY"
--var LOGIN_PEM="$LOGIN_PEM"
+ --var LOGIN_DOT_GOV_CLIENT_ID="$LOGIN_DOT_GOV_CLIENT_ID"
+ --var LOGIN_DOT_GOV_USER_INFO_URL="$LOGIN_DOT_GOV_USER_INFO_URL"
+ --var LOGIN_DOT_GOV_ACCESS_TOKEN_URL="$LOGIN_DOT_GOV_ACCESS_TOKEN_URL"
+ --var LOGIN_DOT_GOV_LOGOUT_URL="$LOGIN_DOT_GOV_LOGOUT_URL"
+ --var LOGIN_DOT_GOV_BASE_LOGOUT_URL="$LOGIN_DOT_GOV_BASE_LOGOUT_URL"
+ --var LOGIN_DOT_GOV_SIGNOUT_REDIRECT="$LOGIN_DOT_GOV_SIGNOUT_REDIRECT"
+
- name: Check for changes to egress config
id: changed-egress-config
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index c0b634a7f..6fc9c286a 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -153,12 +153,34 @@ def sign_in():
other_device = current_user.logged_in_elsewhere()
notify_env = os.getenv("NOTIFY_ENVIRONMENT")
current_app.logger.info("should render the sign in template")
+
+ # TODO REMOVE THIS INFO ONCE STAGING WORKS WITH LOGIN DOT GOV
+ current_app.logger.info(f"NOTIFY ENV = {notify_env}")
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_CLIENT_ID={os.getenv('LOGIN_DOT_GOV_CLIENT_ID')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_USER_INFO_URL={os.getenv('LOGIN_DOT_GOV_USER_INFO_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_ACCESS_TOKEN_URL={os.getenv('LOGIN_DOT_GOV_ACCESS_TOKEN_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_LOGOUT_URL={os.getenv('LOGIN_DOT_GOV_LOGOUT_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_BASE_LOGOUT_URL={os.getenv('LOGIN_DOT_GOV_BASE_LOGOUT_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_SIGNOUT_REDIRECT={os.getenv('LOGIN_DOT_GOV_SIGNOUT_REDIRECT')}"
+ )
+
return render_template(
"views/signin.html",
form=form,
again=bool(redirect_url),
other_device=other_device,
- notify_env_is_dev=bool(notify_env == "development"),
+ login_gov_enabled=bool(notify_env in ["development", "staging"]),
password_reset_url=password_reset_url,
)
diff --git a/app/templates/views/signin.html b/app/templates/views/signin.html
index ce72c74f3..a2c0d244a 100644
--- a/app/templates/views/signin.html
+++ b/app/templates/views/signin.html
@@ -28,7 +28,7 @@
{% endif %}
{% else %}
Sign in
- {% if notify_env_is_dev %}
+ {% if login_gov_enabled %}
Test login.gov authentication:
Login.gov.