[Koha-bugs] [Bug 10988] New: Allow login via Google OAuth2

bugzilla-daemon at bugs.koha-community.org
Thu Oct 3 09:17:45 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10988

            Bug ID: 10988
           Summary: Allow login via Google OAuth2
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: gmcharlt at gmail.com
          Reporter: vanoudt at gmail.com
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

Created attachment 21740
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21740&action=edit
oauth login helper

Here at PBC, we use Google Apps for Education to provide email for our
students, and also Koha for our library systems. Although we synchronise our
Koha accounts and Google accounts, it would be much nicer for patrons to be
able to simply log in using OAuth2.

I'm working on getting this going, basing my work on bug 9587.

More details to come - but wanted to get this bug set up and start getting
advice from the Koha experts.

As it currently stands, the oauth2 authentication is working perfectly - on
https. (Switching between the two causes issues with the cookies, as one would
expect).

opac/svc/oauthlogin handles all of the oauth2 magic. Opening this page will log
you in.

There is LOTS of room for improvement in the OAuth2 login... mostly because
Perl is not my weapon of choice. More obviously:

1. the clientid, clientsecret need to be moved to systempreferences (I've stripped
ours from the attached file - these can be obtained from
https://code.google.com/apis/console and then choosing "API Access")
2. Google recommends verifying and decrypting the id_token locally, which means
caching some information and updating it daily. That would make things a lot
faster, but does add to the complication.

As was stated for the personas implementation: "The nice thing about it is, the
user doesn't have to do anything, like linking their account. As long as the
email address they are using... is the same as the one in Koha it will just
work."

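The local id_token check described in item 2 of the report, with a signing-key cache refreshed daily, shown as an added example that is not part of the original message or the attached helper. It uses only the Python standard library; `KeyCache`, `fetch_jwks`, `rs256_ok`, `verify_id_token` and the `issuers` argument are hypothetical names, and the caller is assumed to supply the function that downloads the provider's published JWK set.

```python
import base64, hashlib, hmac, json, time

# ASN.1 DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
KEY_TTL = 24 * 3600  # refresh cached signing keys daily, as the report suggests

def b64url(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

class KeyCache:
    """Caches the JWK set; fetch_jwks is a caller-supplied callable (assumption)."""
    def __init__(self, fetch_jwks, now=time.time):
        self.fetch, self.now, self.keys, self.loaded = fetch_jwks, now, {}, None

    def get(self, kid):
        stale = self.loaded is None or self.now() - self.loaded > KEY_TTL
        if stale or kid not in self.keys:  # unknown kid: keys may have rotated
            self.keys = {k["kid"]: k for k in self.fetch()["keys"]}
            self.loaded = self.now()
        return self.keys.get(kid)

def rs256_ok(signing_input, sig, jwk):
    """RSASSA-PKCS1-v1_5 / SHA-256 check by rebuilding the expected padded block."""
    n = int.from_bytes(b64url(jwk["n"]), "big")
    e = int.from_bytes(b64url(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    pad = b"\xff" * (k - 3 - len(SHA256_PREFIX) - 32)
    expected = b"\x00\x01" + pad + b"\x00" + SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return hmac.compare_digest(pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big"), expected)

def verify_id_token(token, cache, client_id, issuers, now=time.time):
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64url(h64)), json.loads(b64url(p64)), b64url(s64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except ValueError:
        raise ValueError("malformed token") from None
    if header.get("alg") != "RS256":  # pin the algorithm, do not let the token choose
        raise ValueError("unexpected alg")
    jwk = cache.get(str(header.get("kid")))
    if jwk is None or not rs256_ok(f"{h64}.{p64}".encode(), sig, jwk):
        raise ValueError("bad signature or unknown key")
    if claims.get("iss") not in issuers or claims.get("aud") != client_id:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now():
        raise ValueError("expired")
    return claims
```

Only after this returns would the `email` claim be matched against the address stored in Koha.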