Merge pull request #1015 from GSA/notify-api-585

another try with login.gov on staging

.github/workflows/deploy.yml

@@ -51,6 +51,7 @@ jobs:
       - name: Create requirements.txt
         run: poetry export --without-hashes --format=requirements.txt > requirements.txt
 
+
       - name: Deploy to cloud.gov
         uses: 18f/cg-deploy-action@main
         env:
@@ -66,6 +67,7 @@ jobs:
           LOGIN_DOT_GOV_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&post_logout_redirect_uri=https://notify-staging.app.cloud.gov/sign-out"
           LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?"
           LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://notify-staging.app.cloud.gov/sign-out"
+          LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://idp.int.identitysandbox.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=http://notify-staging.app.cloud.gov/sign-in&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop"
         with:
           cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
           cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -86,6 +88,7 @@ jobs:
             --var LOGIN_DOT_GOV_LOGOUT_URL="$LOGIN_DOT_GOV_LOGOUT_URL"
             --var LOGIN_DOT_GOV_BASE_LOGOUT_URL="$LOGIN_DOT_GOV_BASE_LOGOUT_URL"
             --var LOGIN_DOT_GOV_SIGNOUT_REDIRECT="$LOGIN_DOT_GOV_SIGNOUT_REDIRECT"
+            --var LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="$LOGIN_DOT_GOV_INITIAL_SIGNIN_URL"
 
 
       - name: Check for changes to egress config

app/main/views/sign_in.py

@@ -174,6 +174,8 @@ def sign_in():
     current_app.logger.info(
         f"LOGIN_DOT_GOV_SIGNOUT_REDIRECT={os.getenv('LOGIN_DOT_GOV_SIGNOUT_REDIRECT')}"
     )
+    initial_signin_url = os.getenv('LOGIN_DOT_GOV_INITIAL_SIGNIN_URL')
+    current_app.logger.info(f"LOGIN_DOT_GOV_INITIAL_SIGNIN_URL={initial_signin_url}")
 
     return render_template(
         "views/signin.html",
@@ -182,6 +184,7 @@ def sign_in():
         other_device=other_device,
         login_gov_enabled=bool(notify_env in ["development", "staging"]),
         password_reset_url=password_reset_url,
+        initial_signin_url=initial_signin_url,
     )
 
 

app/templates/views/signin.html

@@ -31,7 +31,7 @@
       {% if login_gov_enabled %}
       <p>
         Test login.gov authentication:
-        <a class="usa-link" href="https://idp.int.identitysandbox.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=http://localhost:6012/sign-in&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop">Login.gov</a>.
+        <a class="usa-link" href="{{ initial_signin_url }}">Login.gov</a>.
       </p>
       {% endif %}
     {% endif %}

manifest.yml

@@ -46,3 +46,14 @@ applications:
 
       REQUESTS_CA_BUNDLE: "/etc/ssl/certs/ca-certificates.crt"
       NEW_RELIC_CA_BUNDLE_PATH: "/etc/ssl/certs/ca-certificates.crt"
+
+      # login.gov variables
+
+      LOGIN_PEM: ((LOGIN_PEM))
+      LOGIN_DOT_GOV_CLIENT_ID: ((LOGIN_DOT_GOV_CLIENT_ID))
+      LOGIN_DOT_GOV_USER_INFO_URL: ((LOGIN_DOT_GOV_USER_INFO_URL))
+      LOGIN_DOT_GOV_ACCESS_TOKEN_URL: ((LOGIN_DOT_GOV_ACCESS_TOKEN_URL))
+      LOGIN_DOT_GOV_LOGOUT_URL: ((LOGIN_DOT_GOV_LOGOUT_URL))
+      LOGIN_DOT_GOV_BASE_LOGOUT_URL: ((LOGIN_DOT_GOV_BASE_LOGOUT_URL))
+      LOGIN_DOT_GOV_SIGNOUT_REDIRECT: ((LOGIN_DOT_GOV_SIGNOUT_REDIRECT))
+      LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: ((LOGIN_DOT_GOV_INITIAL_SIGNIN_URL))

sample.env

@@ -42,3 +42,4 @@ LOGIN_DOT_GOV_ACCESS_TOKEN_URL="https://idp.int.identitysandbox.gov/api/openid_c
 LOGIN_DOT_GOV_LOGOUT_URL="https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&post_logout_redirect_uri=http://localhost:6012/sign-out"
 LOGIN_DOT_GOV_BASE_LOGOUT_URL="https://idp.int.identitysandbox.gov/openid_connect/logout?"
 LOGIN_DOT_GOV_SIGNOUT_REDIRECT="http://localhost:6012/sign-out"
+LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="https://idp.int.identitysandbox.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=http://localhost:6012/sign-in&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop"