Open jbian92 opened 2 years ago
Google, Facebook, etc for alternate forms of authentication
Potential Libraries for alternatives(will add pros n cons later) OAuth Passport.js Auth0 Google Sign-In(only google)
Potential Libraries for alternatives(will add pros n cons later) OAuth Passport.js Auth0 Google Sign-In(only google)
I think for these, we could focus on the specific Flask implementations. For example, flask-oauth since the backend is using Flask. After you have done your research on these, maybe we can meet and work together to try to implement Hopkins SSO first before pivoting to these alternative forms of auth.
https://flask-saml.readthedocs.io/en/latest/advanced_config.html#session-replacement
chang user storage flask_SAML
After experimenting with a few libraries during the meeting, Flask Saml2 seems to be the most promising. By referencing Madooei's Tutorial and looking through the library source code, I was able to get it to generate the correct XML Metadata file. I have sent the file to JHU IT to let them add Hophacks as a trusted service provider. Once they do that, we can continue our implementation.
Notes for implementing Hopkins SSO
JHU uses SAML-based Shibboleth Identity Provider for SSO. Did some research and found that the support for SAML-based protocols for Flask is very limited compared to that for a full-blown framework such as Django (which Semester.ly uses). I found some libraries that could be useful during the implementation phase but many of those have poor documentation or are either deprecated/in maintenance mode/or abandoned. So it would take some time to try each of them to see which one actually works.
Saml Libraries
PySAML2
SAML Python Toolkit
Python Social Auth - Flask
Tutorials
JHU IT Docs on adding JHU SSO to an application Madooei's tutorial for implementing JHU SSO in Node JS Okta Authentication using SAML simplified (uses Okata as the IDP but set up can be similar?)