cykel is mostly configured graphically with the django-admin based administration interface. This is reachable at
Things that can’t be configured graphically in the admin are provided as environment variables. This is for example needed to provide the Database Credentials or the Hostnames where cykel is reachable at.
Only in some edge cases you may have to directly modify the
Initial Admin Access¶
For your first user with administrative rights, use djangos default way to create a superuser. Don’t forget to run this as
openbike and apply the venv:
$ source /srv/openbike/venv/bin/activate (venv)$ python3 manage.py createsuperuser
Cykel needs to know how to refer to itself. This is used in login redirects, so we have to make sure this value is correct. The configuration happens within djangos default Site model, so you have to configure it in the Sites section in the administration. This already contains an
example.com site right after the installation - just edit this first entry.
For the configuration: The domain name must equal the cykel installation domain name, the display name should be the name where your voorwiel UI is reachable at.
cykel is using django-allauth for integrating third-party login, their documentation provides a list of providers they support. For most of the providers, it is enough to add them to
cykel/settings.py. By default, Twitter, GitHub, Stackexchange, Slack and FragDenStaat as well as Eventphone are available and already installed.
For configuring an Authentication Provider look into Social Applications. When you add a provider there, put the providers name in lowercase into the name field - this is used in the callback url. You also need to provide the OAuth2 client id and the client secret. Some providers call this differently, for these we’ve added instructions below.
The Callback URL you are asked by the provider to put on their allow list is
<name>is the name of your created social application in the cykel admin, this is why you should use short and lowercase provider names there.
For twitter, you have to apply for developer account access. If you have developer access, create an app – read-only permissions are enough, we’re only going to use it for authentication.
Our needed Credentials can be found on the Keys and tokens Page as Consumer API keys, the client id is the api key, the client secret is the api secret key.
If you want to use GitHub as an Authentication Provider, create a new OAuth App at https://github.com/settings/developers. You can also create this directly in the settings of an GitHub organization you have Owner access, or you can transfer the ownership to an Organization later from your account. After creating the OAuth App, the Client ID and Client Secret are displayed.
If you want to give users that login with trusted provider the access to rent bikes immediately, without verifying and assigning them rights manually, the
AUTOENROLLMENT_PROVIDERSenvironment variable is for you. Put the Social Application names there and seperate them by comma if its more than one provider.
Users that login with a provider listed in
AUTOENROLLMENT_PROVIDERSare placed in the
autoenrollment-rentgroup. This group has by default the right to rent bikes.
When people have authenticated already, you can set staff status and/or superuser status on their user profiles. They still need a password to authenticate with the administration interface, you can set this with the password reset link on their profile page.