SoC Remote Authentication with OpenID and OAuth

From GeeklogWiki
Revision as of 10:27, 22 March 2011 by Dirk (talk | contribs) (link to Writing an OAuth Provider Service (thanks @lornajane))

(This is an idea page for the Google Summer of Code)

Incentive

Implement Remote Authentication using OpenID and OAuth such that a Geeklog site can act both as a consumer and as a provider. In other words, allow users to log into a Geeklog site using OpenID or OAuth (consumer side), and allow a Geeklog site to act as an OpenID and OAuth provider so that the accounts on your Geeklog site can be used to log into other sites.

What's there

  • Geeklog currently accepts OpenID 1.1 logins, i.e. using an OpenID from some other provider.
  • As of Geeklog 1.8.0, there will be support for OAuth logins using your Twitter, Facebook, or LinkedIn account.
  • From an earlier GSoC project, we have a library that supports OpenID 2.0 - both the consumer and the provider side. It has not been integrated into Geeklog yet.

What's missing

  1. A first obvious step would be to replace the existing OpenID 1.1 code with the OpenID 2.0 consumer code
  2. Review the current OpenID and OAuth consumer concept
    • Do we want to be able to restrict the services from which we accept logins?
    • OAuth support for Twitter, Facebook, and LinkedIn is currently hard-coded. This should probably be more flexible, such that you can add/remove services (sort of like the code we have for Remote Authentication).
  3. We need a concept for playing the role of an OpenID and OAuth provider
  4. Implement OpenID provider support (since the code is already there)
  5. Implement OAuth provider support (new code required)


Goals

Beyond the goals stated above, this project should be used to clean up the various bits and pieces around Geeklog's "native" Remote Authentication, OpenID, and OAuth support so that they are more consistent and easier to understand for both users and site administrators.

  • easy and consistent configuration
  • allow users to associate their account with the other login methods
  • review related settings under "My Account" - some should not be available when using remote authentication
  • review / redesign login forms


Level of Difficulty

medium to hard

The part allowing Geeklog to act as an OAuth provider would have to be implemented from scratch. All new and existing code would have to be reviewed for security issues.

The student should be familiar with OpenID and/or OAuth.


Further Reading