-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Google logins #49
Comments
CalNet is Apero CAS, which is definitely not a popular protocol for libraries like this to support. There is a 3rd-party plug-in for django-allauth, https://github.com/aureplop/django-allauth-cas . Allauth is pretty heavy for our use case, but it seems nice enough to use. Explored it some in my fork. |
When we implement this with Google OAuth credentials with the hkn-ops account, we'll need to add the following entries to the secrets.py (encrypted): SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '...'
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '...' source: https://python-social-auth.readthedocs.io/en/latest/developer_intro.html |
ocfweb does calnet auth, and it doesn't seem too bad, although I'm not sure if it needs any kind of registration with the university to get it all set up. There's this decorator (https://github.com/ocf/ocfweb/blob/54a90774442bbef072185d338129c942b582661b/ocfweb/auth.py#L44-L62), added to paths that need auth (probably would need one for general auth and then a selection between google apps and calnet on a separate page?). I do think CalNet auth would be pretty valuable, most crucially for candidates, since they don't have a HKN email but should all have CalNet logins. Some other relevant code snippets: |
Users currently login using the default Django auth module (guide, API reference).
We'd like to add an optional alternative login, using Google OpenID Connect (sometimes known as OAuth login). In particular, we'd like to support logins with our hkn.eecs.berkeley.edu domain accounts, only. (I'm against allowing logins from other domains, like @gmail.com or @berkeley.edu, in particular because we don't control them and because @berkeley.edu requires CalNet authentication, apparently a pain.)
I think the major library to do this is called python-social-auth, with the specific backend for Django, social-auth-app-django. The authentication pipeline docs can be found here.
While I wouldn't recommend implementing this login manually, there are various OpenID / OAuth pages which may be helpful for understanding the protocol:
The text was updated successfully, but these errors were encountered: