Configuration
Complete guide to configuring SVA OAuth in your Django application.
Required Settings
Add these settings to your settings.py:
# SVA OAuth Configuration
# Base URL of your SVA OAuth provider
SVA_OAUTH_BASE_URL = 'https://auth.getsva.com'
# OAuth client credentials (obtain from your SVA provider)
SVA_OAUTH_CLIENT_ID = 'your_client_id_here'
SVA_OAUTH_CLIENT_SECRET = 'your_client_secret_here'
# Redirect URI registered in your OAuth app
SVA_OAUTH_REDIRECT_URI = 'https://yourapp.com/oauth/callback/'
# Secret key for verifying data_token JWT signatures
# MUST match the secret configured in your SVA provider
SVA_DATA_TOKEN_SECRET = 'your_data_token_secret'
Optional Settings
Scopes
Request specific identity blocks (scopes):
# Default: 'openid email profile'
SVA_OAUTH_SCOPES = 'openid email profile username name phone'
Available scopes:
openid - Required for OIDC
email - User's email address
profile - Basic profile information
username - Username
name - Full name
phone - Phone number
address - Address information
bio - Bio/description
social - Social media links
images - Profile images
And many more...
Redirect URLs
# Redirect after successful authentication
SVA_OAUTH_SUCCESS_REDIRECT = '/dashboard/'
# Redirect on authentication errors
SVA_OAUTH_ERROR_REDIRECT = '/login/'
# Redirect after logout
SVA_OAUTH_LOGOUT_REDIRECT = '/'
# Login URL path (used by decorators)
SVA_OAUTH_LOGIN_URL = '/oauth/login/'
Data Token Configuration
# JWT algorithm for data_token verification
# Options: 'HS256', 'RS256'
SVA_DATA_TOKEN_ALGORITHM = 'HS256' # Default
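To show what SVA_DATA_TOKEN_SECRET and SVA_DATA_TOKEN_ALGORITHM control, here is an added sketch (not the package's own code) of HS256 data_token verification with the algorithm pinned to the configured value and a constant-time signature comparison. The function names, the sample claims and the optional `exp` handling are assumptions; `sign_hs256` exists only to build constructed test tokens.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_decode(part):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header, claims, secret):
    """Build a constructed sample token (stands in for the provider side)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url_encode(mac.digest())

def verify_data_token(token, secret, algorithm="HS256", now=None):
    """Return the verified claims or raise ValueError (hypothetical helper)."""
    if algorithm != "HS256":
        raise ValueError("this sketch implements HS256 only")
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed data token") from exc
    # Pin the algorithm to the configured value, never to what the token claims.
    if not isinstance(header, dict) or header.get("alg") != algorithm:
        raise ValueError("unexpected alg in token header")
    signed = f"{header_b64}.{claims_b64}".encode()
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).digest()
    # Constant-time comparison; a mismatch here is what a wrong secret looks like.
    if not hmac.compare_digest(expected, signature):
        raise ValueError("Invalid data token")
    claims = json.loads(b64url_decode(claims_b64))
    # Assumption: the provider may set a standard `exp` claim (seconds since epoch).
    exp = claims.get("exp")
    if exp is not None and (time.time() if now is None else now) >= exp:
        raise ValueError("data token expired")
    return claims
```

A token signed with a different secret fails at the signature comparison, which is the usual cause of the "Invalid data token" error listed under Common Configuration Issues.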
Environment Variables
For production, use environment variables instead of hardcoding secrets:
# settings.py
import os
SVA_OAUTH_BASE_URL = os.getenv('SVA_OAUTH_BASE_URL', 'https://auth.getsva.com')
SVA_OAUTH_CLIENT_ID = os.getenv('SVA_OAUTH_CLIENT_ID')
SVA_OAUTH_CLIENT_SECRET = os.getenv('SVA_OAUTH_CLIENT_SECRET')
SVA_OAUTH_REDIRECT_URI = os.getenv('SVA_OAUTH_REDIRECT_URI')
SVA_DATA_TOKEN_SECRET = os.getenv('SVA_DATA_TOKEN_SECRET')
SVA_DATA_TOKEN_ALGORITHM = os.getenv('SVA_DATA_TOKEN_ALGORITHM', 'HS256')
Then set them in your environment:
# .env file or environment
export SVA_OAUTH_BASE_URL='https://auth.getsva.com'
export SVA_OAUTH_CLIENT_ID='your_client_id'
export SVA_OAUTH_CLIENT_SECRET='your_client_secret'
export SVA_OAUTH_REDIRECT_URI='https://yourapp.com/oauth/callback/'
export SVA_DATA_TOKEN_SECRET='your_data_token_secret'
Development vs Production
Development Settings
# settings.py (development)
SVA_OAUTH_BASE_URL = 'http://localhost:8000'
SVA_OAUTH_REDIRECT_URI = 'http://localhost:8001/oauth/callback/'
SVA_OAUTH_SUCCESS_REDIRECT = '/'
SVA_OAUTH_ERROR_REDIRECT = '/'
Production Settings
# settings.py (production)
import os
# Use HTTPS
SVA_OAUTH_BASE_URL = 'https://auth.getsva.com'
SVA_OAUTH_REDIRECT_URI = 'https://yourapp.com/oauth/callback/'
# Secure session cookies
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = 'Lax'
CSRF_COOKIE_SECURE = True
# Use environment variables for secrets
SVA_OAUTH_CLIENT_SECRET = os.getenv('SVA_OAUTH_CLIENT_SECRET')
SVA_DATA_TOKEN_SECRET = os.getenv('SVA_DATA_TOKEN_SECRET')
Configuration Validation
Create a management command to validate your configuration:
# management/commands/validate_oauth_config.py
from django.core.management.base import BaseCommand
from django.conf import settings

class Command(BaseCommand):
    help = 'Validate SVA OAuth configuration'

    def handle(self, *args, **options):
        required_settings = [
            'SVA_OAUTH_BASE_URL',
            'SVA_OAUTH_CLIENT_ID',
            'SVA_OAUTH_CLIENT_SECRET',
            'SVA_OAUTH_REDIRECT_URI',
            'SVA_DATA_TOKEN_SECRET',
        ]
        missing = []
        for setting in required_settings:
            if not hasattr(settings, setting) or not getattr(settings, setting):
                missing.append(setting)
        if missing:
            self.stdout.write(
                self.style.ERROR(f'Missing required settings: {", ".join(missing)}')
            )
            return
        self.stdout.write(self.style.SUCCESS('✓ All required settings are configured'))
        # Validate URLs
        if not settings.SVA_OAUTH_BASE_URL.startswith(('http://', 'https://')):
            self.stdout.write(
                self.style.WARNING('SVA_OAUTH_BASE_URL should start with http:// or https://')
            )
        if not settings.SVA_OAUTH_REDIRECT_URI.startswith(('http://', 'https://')):
            self.stdout.write(
                self.style.WARNING('SVA_OAUTH_REDIRECT_URI should start with http:// or https://')
            )
Run the validation:
python manage.py validate_oauth_config
Common Configuration Issues
Redirect URI Mismatch
Error: redirect_uri_mismatch
Solution: Ensure SVA_OAUTH_REDIRECT_URI exactly matches the redirect URI registered in your OAuth app (including protocol, domain, port, and path).
Invalid Client Credentials
Error: invalid_client
Solution: Verify SVA_OAUTH_CLIENT_ID and SVA_OAUTH_CLIENT_SECRET are correct.
Data Token Verification Failed
Error: Invalid data token
Solution: Ensure SVA_DATA_TOKEN_SECRET matches the secret configured in your SVA provider.
Next Steps
After configuration, proceed to First Integration to create your first OAuth-protected view.