Open edX Con 2017 — OAuth Lighting Talk

Transcript

1. OPEN EDX & OAUTH2 Scalable Extensions to the Platform Miguel

   Amigot CTO

2. WHY THIS IS INTERESTING

3. OPEN EDX IS INCREASINGLY MOVING TO MICROSERVICES

4. CAN DEPLOY SEPARATE WEBSITES AND SERVICES

5. USE CASES Insights and Ecommerce (already) 1 Customized admin dashboards

   2 3 Instructor news feed?

6. INSIGHTS

7. HOW DO WE HANDLE USER ACCOUNTS?

8. SINGLE SIGN-ON Use edx-platform’s data 1 Referenced — but keep

   sessions 2 3 Single sign-on & single sign-out

9. HOW DOES THIS WORK?

10. OAUTH (MOSTLY) edx/edx-platform Provider Clients edx-analytics-dashboard ecommerce credentials

11. OAUTH (SIMPLIFIED) Register the client on edx/edx-platform (get an app

    client ID and a client secret) 1 2 Exchange these credentials on the client for access tokens and use these to get resources

12. /admin/oauth2/client/add/

13. BUT OAUTH DOESN’T SAY WHO THE USER IS…

14. …SINCE THE ACCESS TOKEN IS OPAQUE TO THE CLIENT

15. oauth.net/articles/authentication

16. SUPPLEMENT OAUTH WITH OPENID CONNECT

17. OPENID CONNECT OAuth client IDs, client secrets and access tokens

    + A user identifier attached to each request

18. EDX HAS AN OPENID CONNECT AUTH BACKEND

19. edx/auth-backends

20. CALLING IT FROM EACH CLIENT

21. pip install edx-auth-backends

22. settings/base.py

23. Login and Logout URLs

24. MAIN POINTS EdX is moving to microservices… and auth is

    obviously ready 1 Built on popular standards: OAuth and OpenID Connect* 2 3 Easy to build separately scalable services with user auth

25. QUESTIONS? [email protected] @miguelamigot