[Koha-bugs] [Bug 10988] Allow login via Google OAuth2

Fri Oct 23 01:31:48 CEST 2015

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10988

M. Tompsett <mtompset at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #40979|0                           |1
        is obsolete|                            |

--- Comment #44 from M. Tompsett <mtompset at hotmail.com> ---
Created attachment 43791
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43791&action=edit
Bug 10988: Allow login via Google OAuth2

Adds googleoauth2 login to koha. Adds applicable system
preferences Modifies templates to support oauth2 login
failures changes the login links to use googleoauth2 when
oauth2 is enabled.

Updated patch to address the concerns in Comment 36.

Test Plan:
 0) Back up your database
 1) Apply this patch
 2) In your mysql client use your Koha database and execute:
    > DELETE FROM systempreferences;
    > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
    -- Should be no errors.
    > SELECT * FROM systempreferences LIKE 'GoogleOAuth%';
    -- Should see 4 entries.
    > QUIT;
 3) Restore your database
 4) Run ./installer/data/mysql/updatedatabase.pl;
 5) In your mysql client use your Koha database and execute:
    > SELECT * FROM systempreferences LIKE 'GoogleOAuth%';
    -- Should see the same 4 entries.
 6) Log into the staff client
 7) Home -> Koha administration -> Global system preferences
 8) -> OPAC
    -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
 9) -> Administration
    -- There should be a 'Google OAuth2' section with the ability
       to set those 4 system preferences.
10) In a new tab, go to https://console.developers.google.com/project
11) Click 'Create Project'
12) Type in a project name that won't freak users out, like your
    library name (e.g. South Pole Library).
13) Click the 'Create' button.
14) Click the 'APIs & auth' in the left frame.
15) Click 'Credentials'
16) Click 'Create new Client ID'
17) Select 'Web application' and click 'Configure consent screen'.
18) Select the Email Address.
19) Put it a meaningful string into the Product Name
    (e.g. South Pole Library Authentication)
20) Fill in the other fields as desired (or not)
21) Click 'Save'
22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
    (http://library.yourDNS.org)
23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
    googleoauth2 script
    (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleoauth2)
24) Click 'Create Client ID'
25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
    system preference.
26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
    system preference.
27) Change the GoogleOAuth2 preference to 'Use'.
28) Click 'Save all Administration preferences'
29) In the OPAC, click 'Log in to your account'.
    -- You should get a confirmation request, if you are
        already logged in, OR a login screen if you are not.
    -- You need to have the primary email address set to one
       authenticated by Google in order to log in.
30) Run koha qa test tools

-- 
You are receiving this mail because:
You are watching all bug changes.