[rt-devel] OAuth2 SSO for RT with Github/Google/etc
Michiel Beijen
michiel.beijen at gmail.com
Mon Sep 7 16:47:29 EDT 2015
Hi,
My name is Michiel Beijen and I'm a software developer based in The
Netherlands. Previously I've worked for OTRS.com, the producers of an
open source ticketing system written in Perl, pretty much like RT.
Recently I've responded to questions from ask and Robert at the
Perl.org NOC, http://log.perl.org/2015/08/want-to-help.html who wanted
to get some stuff done but did not have any tuits.
One of their ideas is to replace Bitcard sign up for rt.perl.org with
something that does SSO with sources such as github.com and Google,
because Bitcard has not taken off a lot and the implementation on RT
is not so nice. This might make the barrier to getting RT accounts
easier.
I've looked into this a bit and would like to consider implementing.
Obviously I'd like to leverage one of the existing Oauth2 modules on
CPAN, write the integration with RT and publish this RT extension as a
module on CPAN.
Previously I've used RT only as a CPAN module maintainer or to file
bugs on modules, I just recently started reading through the
documentation and reading through the documentation.
My questions:
- Did anyone create such an integration previously? I tried searching
CPAN, Github, the mailinglists but did not find such a thing yet.
- I think I know how to modify the login page to add 'sign in with
Github' etc buttons. I also know how to send the request to the oauth
provider and how to handle the response, as well as how OAuth2
authentication flow works in general. But for this to work properly, I
need to be able to save some data in the RT database related to users;
I read into the documentation but did not find a way how to make
extensions modify the RT database. I'm sure I did not search hard
enough. Can anyone share any pointers?
- I was planning on using LoadOrCreateByEmail() to fetch the email
address from the Oauth2 provider and create an account if needed.
https://bestpractical.com/docs/rt/4.2/RT/User.html#LoadOrCreateByEmail-ADDRESS
Is this the right approach? I found this method has hardcoded
'Autocreated when added as a watcher' in the Comments field, which
seems a bit strange as the Watcher functionality does not seem the
only usecase for this method. See
https://github.com/bestpractical/rt/blob/stable/lib/RT/User.pm#L540
Thanks in advance!
--
Michiel
More information about the rt-devel
mailing list