Open edX Con 2017 — OAuth Lightning Talk

Using Open edX's OAuth-based authentication system to extend the platform

Miguel Amigot

May 25, 2017

Transcript

  1. OPEN EDX & OAUTH2: Scalable Extensions to the Platform. Miguel Amigot, CTO
  2. WHY THIS IS INTERESTING

  3. OPEN EDX IS INCREASINGLY MOVING TO MICROSERVICES

  4. CAN DEPLOY SEPARATE WEBSITES AND SERVICES

  5. USE CASES: (1) Insights and Ecommerce (already); (2) Customized admin dashboards; (3) Instructor news feed?
  6. INSIGHTS

  7. HOW DO WE HANDLE USER ACCOUNTS?

  8. SINGLE SIGN-ON: (1) Use edx-platform’s data; (2) Referenced — but keep sessions; (3) Single sign-on & single sign-out
  9. HOW DOES THIS WORK?

  10. OAUTH (MOSTLY): Provider: edx/edx-platform. Clients: edx-analytics-dashboard, ecommerce, credentials

  11. OAUTH (SIMPLIFIED): (1) Register the client on edx/edx-platform (get an app client ID and a client secret); (2) Exchange these credentials on the client for access tokens and use these to get resources
  12. /admin/oauth2/client/add/

  13. BUT OAUTH DOESN’T SAY WHO THE USER IS…

  14. …SINCE THE ACCESS TOKEN IS OPAQUE TO THE CLIENT

  15. oauth.net/articles/authentication

  16. SUPPLEMENT OAUTH WITH OPENID CONNECT

  17. OPENID CONNECT: OAuth client IDs, client secrets and access tokens + a user identifier attached to each request
  18. EDX HAS AN OPENID CONNECT AUTH BACKEND

  19. edx/auth-backends

  20. CALLING IT FROM EACH CLIENT

  21. pip install edx-auth-backends

  22. settings/base.py

  23. Login and Logout URLs

  24. MAIN POINTS: (1) EdX is moving to microservices… and auth is obviously ready; (2) Built on popular standards: OAuth and OpenID Connect*; (3) Easy to build separately scalable services with user auth
  25. QUESTIONS? miguel@ibleducation.com @miguelamigot
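
Slides 13 to 17 as an added example (not code from the talk or from edx/auth-backends): the access token is opaque to the client, so the client learns who the user is only by validating the OpenID Connect ID token that arrives with it. It assumes an HS256 ID token signed with the client secret; the issuer URL, client ID, secret and token values are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration; not real Open edX settings or credentials.
ISSUER = "https://lms.example.com/oauth2"
CLIENT_ID = "constructed-client-id"
CLIENT_SECRET = b"constructed-client-secret"

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_id_token(claims, key=CLIENT_SECRET):
    """Simulated provider: serialize and sign the claims as an HS256 JWT."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{head}.{_b64url(json.dumps(claims).encode())}"
    return f"{signing_input}.{_b64url(_sign(signing_input, key))}"

def verify_id_token(token, now=None):
    """Client: return the claims only if every check passes, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        head, claims = json.loads(_unb64url(head_b64)), json.loads(_unb64url(body_b64))
        sig = _unb64url(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed ID token") from exc
    if not isinstance(head, dict) or not isinstance(claims, dict):
        raise ValueError("malformed ID token")
    if head.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected signing algorithm")
    if not hmac.compare_digest(sig, _sign(f"{head_b64}.{body_b64}", CLIENT_SECRET)):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("issued to a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    return claims  # claims["sub"] identifies the user; the access token does not

# Constructed token response: opaque access token plus a signed ID token.
NOW = 1_495_700_000
RESPONSE = {"access_token": "3f9c0a1e7b", "token_type": "Bearer",
            "id_token": make_id_token({"iss": ISSUER, "aud": CLIENT_ID,
                                       "sub": "user-42", "exp": NOW + 300})}
```

The audience check is what stops an ID token issued to one client (for example the ecommerce service) from being accepted as a login by another.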