|
|
| (42 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| This document describes the functional and technical specification of Moodle Oauth2 plugin(s). Oauth2 plugin(s) will allow a user to authenticate in Moodle with a identity provider that implement Oauth2, like Google or Facebook. | | This information on this page has been archived because it is no longer current. For information on OAuth2 see [[OAuth2_Services]]. |
|
| |
|
| = What is Oauth2 =
| | To see the infomation previously on this page check the history. |
| OAuth is a security protocol that enables users to grant third-party access (i.e. Moodle) to their web resources (i.e Google/Facebook/...'s user data) without sharing their passwords.
| |
| | |
| == See also ==
| |
| * [http://oauth.net/2/ Oauth2 specification]
| |
| | |
| = What are the user's benefits =
| |
| * The user can connect in Moodle with a Google/Facebook/... account.
| |
| * Login is fast: 1 click on a Google/Facebook/... button.
| |
| * The user does not need to remember a password for Moodle.
| |
| * The user can link an existing Moodle account to an Oauth2 identity provider. Thus the user benefits of the above points.
| |
| * When the user is new, the creation process is faster: in the best case, which is the case for Facebook/Google, every mandatory user fields are pre filled.
| |
| | |
| =Why implementing Oauth2 which is still in Draft version=
| |
| The main reason we choose Oauth2 is that massive identity providers as Google already started to [https://developers.google.com/accounts/docs/OAuth deprecate Oauth1] or only use Oauth2 (Facebook). Oauth2 has also for benefit over Oauth1 to be simpler to implement for the client. However at the moment, Oauth2 is on a [http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ rocky road]. The specification are still marked as Draft, and major providers as Facebook or Google implement their own version. But at the end these implementations are globally similar, and we will be able to reuse a major part of our code for each providers.
| |
| | |
| = Functional specification =
| |
| | |
| == User ==
| |
| === User authenticates for the first time in Moodle ===
| |
| === User already has an account ===
| |
| ==== The email address sent by the identity provider is known by Moodle ====
| |
| ==== The email address is unknown ====
| |
| == Administration ==
| |
| The administrator wants to:
| |
| * enable the plugin(s)
| |
| * set Oauth2 client id / Oauth2 client secret
| |
| * allow user account creation
| |
| * set lockable fields
| |
| * deny email addresses
| |
| * bypass the deny email addresses global settings (for example allow hotmail registration by Oauth2 but disallow it for manual to avoid spammer)
| |
| * allow email addresses
| |
| | |
| = Technical specification =
| |
| | |
| == One plugin by provider or One plugin for all providers ==
| |
| === One plugin by provider ===
| |
| ==== Pros ====
| |
| * it works nice with lang file and Amos
| |
| ==== Cons ====
| |
| === One plugin for all providers ===
| |
| ==== Pros ====
| |
| * less click to setup for the administrator. Only enable one plugin.
| |
| | |
| ==== Cons ====
| |
| * the settings page could become bigger and messier.
| |
| * need an additional "enable" checkbox for each providers (so the administrator can disable the plugin without losing the settings)
| |
| * administratosr do not know which Oauth2 provider is enabled without looking into the Oauth2 plugin.
| |
