Skip to content
OAuth implementation over IITB LDAP authentication system
Branch: master
Clone or download

README.md

Code Health Build Status Requirements Status Coverage Status

OAUTH 2.0 Provider for LDAP

This application follows the standard OAuth2.0 flow described in RFC 6749

Detailed documentation is present at: https://gymkhana.iitb.ac.in/sso/doc/

Special Feature

  • Selective Permissions option for users (like facebook)
  • Atomic Permissions for fields

URLs:

All URLs are from base of application URL. (i.e. assuming application is installed at '/')

  • Application Registration /oauth/applications/
  • Authorization /oauth/authorize/
  • Get Access Token /oauth/token/
  • Revoke Token /oauth/revoke_token/

Scopes:

  • basic: Know who you are on SSO
  • profile: Your first name and last name
  • picture: Profile Picture
  • ldap: Your ldap username and email
  • phone: Your contact number including additional numbers
  • insti_address: Your address inside institute
  • program: Your roll number, department, course, joining year and graduation year
  • secondary_emails: Your alternate emails
  • send_mail: Send you mail on behalf of application

User Resources:

  • /user/api/user/: Get basic information corresponding to basic scope
  • /user/api/user/?fields=field1,field2: Get additional information corresponding to field1 and field2. See available fields below

Fields:

Field Name: Required Scopes

  • first_name: profile
  • last_name: profile
  • profile_picture: profile picture
  • username: ldap
  • email: ldap
  • mobile: phone
  • roll_number: program
  • contacts: phone
  • insti_address: insti_address
  • program: program
  • secondary_emails: secondary_emails

TODO:

  • Atomize permissions
  • Add endpoint to send email on behalf of app
  • Create Login with SSO widgets
  • 
    
You can’t perform that action at this time.