Open DrLynch opened 1 year ago
Clarification: No OAuth code has been developed for the plug-in. There is a little bit of OAuth code server-side, but it's not clear if it's helpful in this context. I have not looked into what's needed for OAuth here.
I can help provide pointers to where we authenticate / authorize incoming events, though.
There was some prototype OAuth code. It is in the Arul branch on the ArgLab fork. Arul built it during his research work, but at present it hasn't been incorporated. It got to the level of doing logins, but nothing happened with the login, so it does not address the full problem.
The current plugin partially implements OAuth but does not properly validate that the user is logged in nor is that info passed to the server side. For that reason the data can be spoofed. Thus work is needed on the plugin to address this as an additional login check. Some OAuth code has already been developed for the plugin. That code needs to be checked with new code inserted for use.
Damilola will work on this, but Piotr, if you can add context here, that would be great.