microscopepony / omero-oauth

OMERO.web application to allow OAuth2 login to OMERO
https://gitlab.com/openmicroscopy/incubator/omero-oauth/
GNU Affero General Public License v3.0
0 stars 3 forks source link
oauth2 ome omero omero-web omero-web-app openmicroscopy

.. image:: https://travis-ci.com/manics/omero-oauth.svg?branch=master :target: https://travis-ci.com/manics/omero-oauth

OMERO.oauth

🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶

This a fork of https://gitlab.com/openmicroscopy/incubator/omero-oauth

Please use the above GitLab repository for all issues.

🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶🔶

OMERO.web application to allow OAuth2 login to OMERO.

This application works by using an OMERO administrative account to implement an alternative authentication method to the standard username and password. Ensure you review the code and understand the consequences before using this application.

.. image:: ./docs/screenshot-login.png

Requirements

Installation

This section assumes that an OMERO.web is already installed.

::

$ python setup.py install
$ omero config append omero.web.apps '"omero_oauth"'

OMERO.web 5.4.* contains a bug that prevents login using this app. You will need to apply the patch omeroweb-5.4.10-webgateway-marshal-py.patch <omeroweb-5.4.10-webgateway-marshal-py.patch>_ to your copy of OMERO.web:

::

$ cd OMERO.py-5.4.10-ice36-b105
$ patch -p1 < ../omeroweb-5.4.10-webgateway-marshal-py.patch

This bug is fixed in 5.5.0: https://github.com/openmicroscopy/openmicroscopy/pull/5890

Configuration settings:

OAuth2 provider settings:

Restart OMERO.web in the usual way.

::

$ omero web restart

Users will be able to sign-in using OAuth at https://omero.web.host/oauth.

It is not possible to login to other OMERO clients in the usual way since no password is set. If you set omero.web.oauth.sessiontoken.enable=true users can go to https://omero.web.host/oauth/sessiontoken to obtain a new session token.

Configuration Examples

An example provider configuration with three providers is provided, along with an example OMERO.web configuration file. Be sure to read the comments in the files before using them.

After editing the example files you can copy the provider configuration and apply the example omero-web configuration:

::

$ cp multi-example.yaml /opt/omero/web/config/oauth-providers.yaml
$ omero load config-example.omero

Development

OAuth2 requires https to be used throughout. During development you can disable this by setting an environment variable OAUTHLIB_INSECURE_TRANSPORT=1.

Release process

Use bumpversion <https://pypi.org/project/bump2version/>_ to increment the version, commit and tag the repo.

::

$ bumpversion patch
$ git push origin master
$ git push --tags

License

OMERO.oauth is released under the AGPL.

Copyright

2019, The Open Microscopy Environment