On Sat, 17 Feb 2018, Dashamir Hoxha wrote:

> Maybe you should contact the project mentors, in order to get feedback.
>
> Anyway, trying to build an SSO service from scratch, in 3 months, is a huge
> task even for an expert, let alone a student.
> I have done it a few years ago (in Drupal7) so I know how difficult it is.
> The libraries that you mention are not enough.

You should not do something from scratch, but provide the glue between things already doing the right thing.

> I would suggest that you try some existing implementations and select one of
> them.
> For example have a look at this list:
> https://en.wikipedia.org/wiki/List_of_single_sign-on_implementations

Of course.

> > I am Himanshu Shekhar [1], an undergrad from IIIT-Allahabad, India.
> > I am studying Information Technology, am a polyglot programmer (prefers
> > Python, Golang and JavaScript) and have interned at SocialCops[2] (a
> > data-intelligence company) as a backend engineer last summer.
> >
> > I've been going through ideas proposed for GSOC'18 and stepped on this one.
> >
> > My institute requires me to use LDAP for authenticating on all sorts of
> > portals required. Being one of the mentors and coordinators at the
> > technical society of the institute, there are times where I have to
> > integrate some kind of portal to LDAP which I personally find horrible
> > because it is not HTTP and has a lot of restrictions from the campus proxy
> > server and firewall.
> >
> > As a result of this, I have been wanting to develop a generic SSO server
> > which can be deployed at website/premise without any hassle, something
> > which takes a config file for user database structure, some parameters and
> > does rest of the work over HTTP.
> >
> > What I pictured is an *open-source replica of Google Login* [3], with
> > same features - a central service which you have configured with the
> > information to collect for users who sign up and provide and applications
> > can use the service to authenticate and get the user's basic information.
> > The authorization part - scoping, limitations, is up to the client
> > application. The SSO server does authentication, and authorization is up to
> > the application server.
> >
> > Also, as a hobby project, I've been developing an API using Go and Gin
> > where I have implemented auth using JWT tokens [4] (both access and refresh
> > tokens), which is extremely simple in structure.
> > It does just one work - authenticating the required user from its
> > database.
> >
> > Talking about the GSOC project, there are certain Oauth2 libraries for
> > Python, Golang, JavaScript which can be used to create the required service
> > over the top of it. I have listed the required links [5] at the end of
> > this email.
> >
> > Is this similar to what you have pictured for Debian and this GSOC?
> > Please let me know. I would be really happy to work on something which I
> > have been passionately wanting to make.
> >
> > References:
> >
> > [5] Oauth2 libraries :
> > Python : https://github.com/oauthlib/oauthlib
> > has implementations for Flask, Django, Bottle, Pyramid (mentioned
> > in Readme).
> >
> > Golang :
> > Hydra : https://github.com/ory/hydra
> > Osin : https://github.com/RangelReale/osin
> >
> > [1] Himanshu Shekhar
> > Github: https://github.com/himanshub16
> > LinkedIn : https://linkedin.com/in/himanshub16
> >
> > [2] SocialCops : https://socialcops.com
> >
> > [3] Google Login : https://developers.google.com/identity/sign-in/web/sign-in
> >
> > [4] JWT : https://jwt.io
> >
> > Regards,
> > Himanshu Shekhar
> >