Adding new Oauth or Oauth2 backend in Cypress?
477 views
Skip to first unread message
Pierre Mailhot
Aug 12, 2015, 3:15:30 PM8/12/15
to Open edX operations
In our previous installation of Birch, we were using Google, Facebook and Twitter for third-party authentication.
When I try to go to the admin page (admin/third_party_auth/oauth2providerconfig) all I see for the "Backend name" are google-auth2, linkedin-auth2 and facebook.
Where can I add "Twitter" (or any other) to the list? I see a reference to THIRD_PARTY_AUTH_BACKENDS but I have no idea of the format to use...
I tried adding 'social.backends.twitter.TwitterOAuth' in lms/envs/aws.py where the others were defined, but it didn't change anything after I ran paver to recompile the assets.
I must be missing something very obvious...
Any help would be greatly appreciated since we will need this in Production. Thanks.
Pierre Mailhot
Aug 12, 2015, 3:33:22 PM8/12/15
to Open edX operations
OK, found a reference in bok_choy.env.json
| "THIRD_PARTY_AUTH_BACKENDS": [ | |
| "social.backends.google.GoogleOAuth2", | |
| "social.backends.linkedin.LinkedinOAuth2", | |
| "social.backends.facebook.FacebookOAuth2", | |
| "third_party_auth.dummy.DummyBackend", | |
| "third_party_auth.saml.SAMLAuthBackend" | |
| ], |
But even after adding "social.backends.twitter.TwitterOAuth" it does not work...
Pierre Mailhot
Aug 12, 2015, 4:05:13 PM8/12/15
to Open edX operations
Well...
It seems to only work with OAuth2 provider.
How can I go back to the previous method used in Birch and use the provider I added in
common/djangoapps/third_party_auth/provider.py ?
Pierre Mailhot
Aug 12, 2015, 11:29:04 PM8/12/15
to Open edX operations
Can someone from the devops team confirm (or deny) that any OAuth1 provider will not work?
For example, Twitter.
And if it works, please share the little bit of technomagic used... I tried a few things today, and I could only see the ones with Oauth2 in the admin page.
I was able to use Twitter in the past by adding a Twitter class in common/djangoapps/third_party_auth/provider.py, so I have a few users who linked their accounts to it.
How do I go back being able to use Twitter now?
Ned Batchelder
Aug 13, 2015, 11:52:09 AM8/13/15
to opene...@googlegroups.com
Pierre,
Sorry for the breakage. I talked about this with Braden MacDonald, who will work on a fix and will be responding soon.
--Ned.
To view this discussion on the web visit https://groups.google.com/d/msgid/openedx-ops/9fc6779a-b950-402d-9013-219cbbdf93b4%40googlegroups.com.--
You received this message because you are subscribed to the Google Groups "Open edX operations" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openedx-ops...@googlegroups.com.
Pierre Mailhot
Aug 13, 2015, 12:21:19 PM8/13/15
to opene...@googlegroups.com
Thanks Ned.
We might be able to live without it. It would not be a problem sending an email to users who have linked their account with Twitter and ask them to reinitialize their edX password and relink their account with a proper OAuth2 provider.
As a CISSP, I fully understand why we should encourage the use of OAuth2 over OAuth1.
If the fix is easy, go for it and thanks.
If the fix is complicated, we will blame Twitter for using OAuth1 for authentication. They do use OAuth2 for other purposes.
I am just worried we might not be the only ones who added OAuth1 provider with Birch or Aspen.
Thanks for the reply.
I now have to update my cypress-rc4 test-server to cypress today :-)
Regards,
Pierre
--
You received this message because you are subscribed to a topic in the Google Groups "Open edX operations" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openedx-ops/RerASgJQACM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openedx-ops...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openedx-ops/CAGtJPNPsKUpY3%2BkwYhi%3DiTkZhNyqBmV_pQQmRVsE6jjxywt72A%40mail.gmail.com.
Ned Batchelder
Aug 14, 2015, 6:58:17 AM8/14/15
to opene...@googlegroups.com
Pierre, Braden has a pull request with a fix: https://github.com/edx/edx-platform/pull/9313
Can you confirm that it works for you?
--Ned.
To view this discussion on the web visit https://groups.google.com/d/msgid/openedx-ops/CALqvzAP_diuscoGuMULLSSzFCEiHw7dmX0iXju4u-n2ZudYGVA%40mail.gmail.com.
Braden MacDonald
Aug 14, 2015, 6:58:42 AM8/14/15
to Open edX operations
Hi Pierre,
It turns out the fix is fairly simple. The changes required to the platform code are here:
I tested those changes and confirmed that Twitter logins work after that fix. You were on the right track with the steps you were taking in your first email - add the following to ~/lms.env.json:
"THIRD_PARTY_AUTH_BACKENDS": [
"social.backends.google.GoogleOAuth2",
"social.backends.linkedin.LinkedinOAuth2",
"social.backends.facebook.FacebookOAuth2",
"social.backends.twitter.TwitterOAuth",
"third_party_auth.saml.SAMLAuthBackend"
]
Then add Twitter as a provider via /admin/third_party_auth/oauth2providerconfig/
In the near future I'll add tests to finish up that pull request and we'll most likely include it in a future release.
Cheers,
Braden
Pierre Mailhot
Aug 14, 2015, 10:28:41 AM8/14/15
to Open edX operations
It works. Thank you very much.
Pierre Mailhot
Aug 14, 2015, 10:29:29 AM8/14/15
to Open edX operations
Thanks Braden. It works now. This is greatly appreciated.
Reply all
Reply to author
Forward
0 new messages