Closed rmckayfleming closed 10 years ago
What do you mean exactly? Should CASino act as OpenID/OAuth server or should it support authentication using a OpenID/OAuth source?
Authentication using an OpenID/OAuth source. Great project by the way. :)
Take a look at this: https://wiki.jasig.org/display/CASUM/Configuration+for+the+OAuth+client+support+in+CAS+server+version+%3E%3D+3.5.1
Just out of curiosity, what would be the use case for this? Why wouldn't you directly add support for OpenID or OAuth to the client applications?
I'm also investigating this gem and it looks to me like the missing feature. Why? Simply explained: If I want to build a login app using CASino, I want all my other apps to authenticate using this login-app, so sign in once, signed in on all apps. I can then choose to either sign up and sign in here or choose to sign in using one of the oauth providers like FB, G+ and so on. This should sign me in to all of my apps as well. So single sign on aka login app should implement oauth(2).
If I were to implement oauth client to any app it's not only dup code but would also lose SSO, right?
However, now I wonder if it would be the correct way to
Is it somehow compatible? Is there a way to use username or email to login? Is there a devise authenticator?
Ok, understand the use case for this now.
@kassi I'm not quite sure I understand the setup you are planning to do.
add devise + omniauth to login-app (in addition to casino)
There is ominauth-cas which is compatible with CASino.
configure casino to use devise's user table with ActiveRecord authenticator
Devise defaults to BCrypt for the password encryption and should therefore be compatible with our ActiveRecord authenticator.
use devise's sign up page and casinos sign in page.
As CASino does not feature user management out of the box, it is pretty standard to handle sign-up in an external application.
Is there a way to use username or email to login?
No, as you can only specify one username_column
.
Is there a devise authenticator?
Just found device_cas_authenticable which should be compatible.
Thanks for the reply. I think there's still a misunderstanding since omniauth-cas as well as devise_cas_authenticable seem to be gems you add to some app which will use another app (cas server) for auth.
My aim is to have one app designed to manage users, sign up and sign in (also via external oauth services), and have several other apps only use this one app as central single sign on point without having to implement several services and user model again and again.
CASino is a Rails engine and can therefore by used in any existing Rails app providing sign-up etc. I know that @dlindahl built something similar.
To add support for login through OAuth, writing a CASino authenticator would be the right approach. CASino uses it's own technics to track logged in users and is not compatible with how omniauth or devise does this.
I'm interested in this support as well, to allow users to choose whether to use Google, Facebook, Twitter, or GitHub accounts, or create a local account.
@pencil how would one go about writing a strategy supporting Oauth?
The API for CASinos authentication is a username and password getting POSTed to the login route. Then the strategy eventually validates the username and password.
In the case of OAuth we arrive back from the OAuth provider via a GET request and have various tokens to keep track of. But not exactly a username or password.
Not sure how that fits into the current CASinoApp flow. Is it possible to fit this to the current implementation of the engine or would additional functionality / rewriting be required?
No, it does not fit into the current CASino workflow. The best way would probably be to start off with an "external authenticator" abstraction. Then display a button for all external authenticators at the login page.
As this issue is currently not in our focus, I'll close it for now. I'd gladly look into a pull request though. Feel free to contribute :wink:
I've noticed that Jasig CAS has support for third-party protocols, any plans to bring that to CASino in the near future?