OAuth

[JiaqiWang18]

Notes for implementing Hopkins SSO

JHU uses SAML-based Shibboleth Identity Provider for SSO. Did some research and found that the support for SAML-based protocols for Flask is very limited compared to that for a full-blown framework such as Django (which Semester.ly uses). I found some libraries that could be useful during the implementation phase but many of those have poor documentation or are either deprecated/in maintenance mode/or abandoned. So it would take some time to try each of them to see which one actually works.

Saml Libraries

PySAML2

• Implements SAML 2.0 standard
• Up-to-date, most promising

SAML Python Toolkit

• Has a Flask example here

Python Social Auth - Flask

• seems to be abandoned for Flask but Semesterly uses python-social-auth for Django

  Tutorials

  JHU IT Docs on adding JHU SSO to an application Madooei's tutorial for implementing JHU SSO in Node JS Okta Authentication using SAML simplified (uses Okata as the IDP but set up can be similar?)

[JiaqiWang18]

Google, Facebook, etc for alternate forms of authentication

[lsj0232191]

Facebook https://developers.facebook.com/docs/facebook-login/web/?locale=en_US

Google https://developers.google.com/identity/sign-in/web/sign-in

[lsj0232191]

Potential Libraries for alternatives(will add pros n cons later) OAuth Passport.js Auth0 Google Sign-In(only google)

[JiaqiWang18]

Potential Libraries for alternatives(will add pros n cons later) OAuth Passport.js Auth0 Google Sign-In(only google)

I think for these, we could focus on the specific Flask implementations. For example, flask-oauth since the backend is using Flask. After you have done your research on these, maybe we can meet and work together to try to implement Hopkins SSO first before pivoting to these alternative forms of auth.

[lsj0232191]

https://flask-saml.readthedocs.io/en/latest/advanced_config.html#session-replacement

chang user storage flask_SAML

[JiaqiWang18]

After experimenting with a few libraries during the meeting, Flask Saml2 seems to be the most promising. By referencing Madooei's Tutorial and looking through the library source code, I was able to get it to generate the correct XML Metadata file. I have sent the file to JHU IT to let them add Hophacks as a trusted service provider. Once they do that, we can continue our implementation.

[lsj0232191]

• No need for a confirmation email
• auto-fill fields(First Name, Last Name, school)
• still need everything else
• If the person already has an account by participating hophacks before, how to connect that to SSO
• jh.edu vs jhu.edu
  • just use jh.edu to compare?
• reverse proxy setup
• Hophacks production architecture, Nginx configuration