Sunday, October 22, 2017¶

Third-party authentication providers¶

For #1275 I did my first steps with Python Social Auth.

The configuration section was easy. I created a new plugin lino.modlib.social_auth. But how to connect this to Lino at the web interface level?

I got lost in the Beginner’s Guide. It seems that I ignore something which seems so evident to the author that they don’t even talk about it.

Okay let’s try using the Google backend. Either “OAuth2” or “Google+ Sign-In”. Let’s start with OAuth2.

Using OAuth 2.0 to Access Google APIs

I went to the Google API Console.

It says “You have 12 projects remaining in your quota.”

I created my first project, named “Lino team”. Now it says:

No APIs or services are enabled

Browse the Library to find and use hundreds of available APIs and services

I added two APIs: “Google Calendar” and “Google People” (what’s the difference between People and Contacts?)

It says “To use this API, you may need credentials. Click ‘Create credentials’ to get started.”

I created a “credential” for web clients. This gave me a “client id”, a string that looks similar to this:

1234567890-a1b2c3d4e5.apps.googleusercontent.com

I also downloaded a client_id.json file which contains that string, together with other information about this credential:

{"web":{
  "client_id":"1234567890-a1b2c3d4e5.apps.googleusercontent.com",
  "project_id":"lino-team",
  "auth_uri":"https://accounts.google.com/o/oauth2/auth",
  "token_uri":"https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
  "client_secret":"SH6da...",
  "redirect_uris":["https://jane.saffre-rumma.net/login"],
  "javascript_origins":["https://jane.saffre-rumma.net"]
}}

I added this info to the local settings.py on Jane

AUTHENTICATION_BACKENDS.insert(
  0, 'social_core.backends.google.GoogleOAuth2')
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = \
  '1234567890-a1b2c3d4e5.apps.googleusercontent.com'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = 'SH6da...'

Now I must obtain an access token from the Google Authorization Server.

Side effect: Until now the value of AUTHENTICATION_BACKENDS was a tuple, which made the above code fail. Now it is a list.

(See also Social Authentication.)

UpdateAllGuests¶

For #2115 they want a button per course which updates the guest list of all planned calendar entries. (Teilnehmerliste aktualisieren für alle Termine. Es wäre praktisch, wenn das „Liste füllen“ bei den einzelnen Terminen automatisch ginge)