search

GibbonEdu / core

Gibbon is a flexible, open source school management platform designed to make life better for teachers, students, parents and leaders.
https://gibbonedu.org
GNU General Public License v3.0
452 stars 295 forks source link

Improvement in Generic OAuth #1826

Closed leofreitas closed 2 months ago

leofreitas commented 2 months ago

Description Some systems require additional parameters for a login request in order to read the user's basic profile.

Motivation and Context I needed to do SSO and the institution did not use the email field as a username. With this PR, the user can configure it without changing the code. Now it is more generic and flexible.

How Has This Been Tested? Locally and Travis

Screenshots image

SKuipers commented 2 months ago

Hi Leo, thanks for suggesting these changes. I haven't been using the Generic OAuth in production, so it's good to hear you've been able to get it working with these changes. Before merging, I think I'm reading the code correctly, but just wanted to check: it looks like preferred_name is being used as an authentication field (which generally wouldn't be a unique field in Gibbon), but that's only for data on the other end of the OAuth authentication? And so, the returned value matching the usernameAttribute would still need to match a valid username in Gibbon, from what I can see? Just wanted to check, since the use of a non-unique value here could have unwanted side-effects. Thanks!

leofreitas commented 2 months ago

Hi Sandra, that's right! The usernameAttribute in my example is preferred_name. It's on the other side of OAuth authentication, so the value returned needs to match a valid username in Gibbon.

SKuipers commented 2 months ago

Thanks Leo for confirming! These changes look good, I've merged them into v27