Any plans for OpenID/OAuth support? about casino HOT 11 CLOSED

What do you mean exactly? Should CASino act as OpenID/OAuth server or should it support authentication using a OpenID/OAuth source?

from casino.

Authentication using an OpenID/OAuth source. Great project by the way. :)

Take a look at this:
https://wiki.jasig.org/display/CASUM/Configuration+for+the+OAuth+client+support+in+CAS+server+version+%3E%3D+3.5.1

from casino.

Just out of curiosity, what would be the use case for this? Why wouldn't you directly add support for OpenID or OAuth to the client applications?

from casino.

I'm also investigating this gem and it looks to me like the missing feature.
Why? Simply explained:
If I want to build a login app using CASino, I want all my other apps to authenticate using this login-app, so sign in once, signed in on all apps.
I can then choose to either sign up and sign in here or choose to sign in using one of the oauth providers like FB, G+ and so on. This should sign me in to all of my apps as well.
So single sign on aka login app should implement oauth(2).

If I were to implement oauth client to any app it's not only dup code but would also lose SSO, right?

from casino.

However, now I wonder if it would be the correct way to

• add devise + omniauth to login-app (in addition to casino)
• configure casino to use devise's user table with ActiveRecord authenticator
• use devise's sign up page and casinos sign in page.

Is it somehow compatible?
Is there a way to use username or email to login?
Is there a devise authenticator?

from casino.

Ok, understand the use case for this now.

@kassi I'm not quite sure I understand the setup you are planning to do.

add devise + omniauth to login-app (in addition to casino)

There is ominauth-cas which is compatible with CASino.

configure casino to use devise's user table with ActiveRecord authenticator

Devise defaults to BCrypt for the password encryption and should therefore be compatible with our ActiveRecord authenticator.

use devise's sign up page and casinos sign in page.

As CASino does not feature user management out of the box, it is pretty standard to handle sign-up in an external application.

Is there a way to use username or email to login?

No, as you can only specify one username_column.

Is there a devise authenticator?

Just found device_cas_authenticable which should be compatible.

from casino.

Thanks for the reply. I think there's still a misunderstanding since omniauth-cas as well as devise_cas_authenticable seem to be gems you add to some app which will use another app (cas server) for auth.

My aim is to have one app designed to manage users, sign up and sign in (also via external oauth services), and have several other apps only use this one app as central single sign on point without having to implement several services and user model again and again.

from casino.

CASino is a Rails engine and can therefore by used in any existing Rails app providing sign-up etc. I know that @dlindahl built something similar.

To add support for login through OAuth, writing a CASino authenticator would be the right approach. CASino uses it's own technics to track logged in users and is not compatible with how omniauth or devise does this.

from casino.

I'm interested in this support as well, to allow users to choose whether to use Google, Facebook, Twitter, or GitHub accounts, or create a local account.

from casino.

@pencil how would one go about writing a strategy supporting Oauth?

The API for CASinos authentication is a username and password getting POSTed to the login route. Then the strategy eventually validates the username and password.

In the case of OAuth we arrive back from the OAuth provider via a GET request and have various tokens to keep track of. But not exactly a username or password.

Not sure how that fits into the current CASinoApp flow. Is it possible to fit this to the current implementation of the engine or would additional functionality / rewriting be required?

from casino.

No, it does not fit into the current CASino workflow. The best way would probably be to start off with an "external authenticator" abstraction. Then display a button for all external authenticators at the login page.

As this issue is currently not in our focus, I'll close it for now. I'd gladly look into a pull request though. Feel free to contribute 😉

from casino.