[Koha-bugs] [Bug 16892] Add automatic patron registration via OAuth2 login

Tue Jul 19 16:35:32 CEST 2016

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16892

--- Comment #3 from M. Tompsett <mtompset at hotmail.com> ---
TEST PLAN
---------
1) backup the database
2) run upgrade: ./installer/data/mysql/updatedatabase.pl
   -- proves the atomic update.
3) run it again:
   -- proves the INSERT IGNORE is done
4) drop the database and recreate it
       mysql> drop database koha_library;
       mysql> create database koha_library;
5) run the web installer
6) log into the staff client
7) Home -> Koha administration
        -> Global system preferences
        -> Administration
   -- GoogleOpenIDConnectAutoRegister,
      GoogleOpenIDConnectDefaultBranch, and
      GoogleOpenIDConnectDefaultCategory should be visible
      in the "Google OpenID Connect" section.
   -- proves the admin.pref is correct
8) In a new tab, go to https://console.developers.google.com/project
   and log in.
9) Click 'CREATE PROJECT'
10) Enter a project name which isn't going to scare the user off.
    (e.g. {institution} Library Authentication)
11) Wait a bit, then click 'Credentials' on the left pane.
12) Click the 'Create credentials' drop down button, and
    select 'OAuth client ID'
13) Click the 'Configure consent screen' button
14) Enter at least a product name which isn't going to scare the
    user off.
        (e.g. {institution} Library)
15) Click 'Save'
16) Select 'Web application'
17) Enter at least a memorable name whose purpose is clear.
    (e.g. {institution} Library Credentials)
18) Enter the OPAC URL into the 'Authorized JavaScript origins' text box
19) Enter a URL of the form:
    {OPACBaseURL}/cgi-bin/koha/svc/auth/googleopenidconnect
        into the 'Authorized redirect URIs' text box.
20) Click the 'Create' button.
21) Copy the client ID into the 'GoogleOAuth2ClientID' system preference
22) Copy the client secret into the 'GoogleOAuth2ClientSecret' system
preference
23) Change the 'GoogleOpenIDConnect' system preference to 'Use'.
24) Change the 'GoogleOpenIDConnectAutoRegister' system preference to 'Allow'
25) Enter default branch and category values.
    (for all sample data: GoogleOpenIDConnectDefaultBranch=CPL,
                          GoogleOpenIDConnectDefaultCategory=PT)
26) Click 'Save all Administration preferences'
27) Click 'OPAC' in the left pane.
28) Make sure OPACBaseURL is set.
27) Open the OPAC and click 'Log in to your account'
28) Click 'Allow' to authorize Google.
    -- should end up at opac-user page.
    -- proves everything works. :)

NOTE: Because of the nature of OAuth, authenticating this way does
      not force a Google log out and the user MUST make a secondary
          effort to log out or close the browser. Otherwise, a person
          from the same terminal could abuse that person's Google account.

-- 
You are receiving this mail because:
You are watching all bug changes.