Sunday, October 22, 2017¶
Third-party authentication providers¶
For #1275 I did my first steps with Python Social Auth.
The configuration section was easy.
I created a new plugin lino.modlib.social_auth
.
But how to connect this to Lino at the web interface level?
I got lost in the Beginner’s Guide. It seems that I ignore something which seems so evident to the author that they don’t even talk about it.
Okay let’s try using the Google backend. Either “OAuth2” or “Google+ Sign-In”. Let’s start with OAuth2.
Using OAuth 2.0 to Access Google APIs
I went to the Google API Console.
It says “You have 12 projects remaining in your quota.”
I created my first project, named “Lino team”. Now it says:
I added two APIs: “Google Calendar” and “Google People” (what’s the difference between People and Contacts?)
It says “To use this API, you may need credentials. Click ‘Create credentials’ to get started.”
I created a “credential” for web clients. This gave me a “client id”, a string that looks similar to this:
1234567890-a1b2c3d4e5.apps.googleusercontent.com
I also downloaded a client_id.json
file which contains that
string, together with other information about this credential:
{"web":{
"client_id":"1234567890-a1b2c3d4e5.apps.googleusercontent.com",
"project_id":"lino-team",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"client_secret":"SH6da...",
"redirect_uris":["https://jane.saffre-rumma.net/login"],
"javascript_origins":["https://jane.saffre-rumma.net"]
}}
I added this info to the local settings.py
on Jane
AUTHENTICATION_BACKENDS.insert(
0, 'social_core.backends.google.GoogleOAuth2')
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = \
'1234567890-a1b2c3d4e5.apps.googleusercontent.com'
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = 'SH6da...'
Now I must obtain an access token from the Google Authorization Server.
Side effect: Until now the value of AUTHENTICATION_BACKENDS
was a tuple, which made the above code fail. Now it is a list.
(See also Social Authentication.)