[Koha-bugs] [Bug 10988] New: Allow login via Google OAuth2

Thu, 03 Oct 2013 00:18:41 -0700 

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10988

            Bug ID: 10988
           Summary: Allow login via Google OAuth2
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: gmcha...@gmail.com
          Reporter: vano...@gmail.com
        QA Contact: testo...@bugs.koha-community.org
                CC: dpav...@rot13.org

Created attachment 21740
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21740&action=edit
oauth login helper

Here at PBC, we use google apps for education to provide email for our
students, and also koha for our library systems. Although we synchronise our
koha accounts and google accounts, it would be much nicer for patrons to be
able to simply login using OAuth2.

I'm working on getting this going, basing my work on bug 9587.

More details to come - but wanted to get this bug set up and start getting
advice from the Koha experts.

As it currently stands, the oauth2 authentication is working perfectly - on
https. (Switching between the two causes issues with the cookies, as one would
expect).

opac/svc/oauthlogin handles all of the oauth2 magic. Opening this page will log
you in.

There is LOTS of room for improvement in the oauth2 login... mostly because
perl is not my weapon of choice. More obviously:

1. the clientid, clientsecret need to be moved systempreferences (I've stripped
ours from the attached file - these can be obtained from
https://code.google.com/apis/console and then choosing "API Access"
2. Google recommends verifying and decrypting the id_token locally, which means
caching some information and updating it daily. That would make things a lot
faster, but does add to the complication.

As was stated for the personas implementation: "The nice thing about it is, the
user doesn't have to do anything, like linking their account. As long as the
email address they are using... is the same as the one in Koha it will just
work."

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to