simplify code

External identity provider reform (part 2)

Use the external identity provider for refresh of logins. When a user is logged in via an external identity provider, use the same identity provider for a refresh when it expires. The expiration time is controlled via the classical OpenACS parameters.

Note that in general, the same user might be authenticated via a classical OpenACS authority (e.g. local authority) and/or via an external one (e.g. Microsoft Identity Platform (Azure) or GitHub).

For single-sign-ons, when the token is still valid, the redirect to the external identity provider does not mean necessarily that the user is shown the external identity provider's login page.

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
intensify validation of form variables

    • -4
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Fixed markup for Navbar for Bootstrap 3 and /5

Many thanks to Monika Andergassen for the contribution

minor cleanup

version maintenance

- the upstream version of the bootstrap fonts changed to 1.10.5

- the location of the CSS file in the distribution zip file has changed with version 1.10.4

- bump package version number to 0.2d6

validate item_type

define item_type for code_interaction

Record the fact that a certain user_id was created via an OAuth identity provider.

    • -1
    • +1
    /openacs-4/packages/xooauth/xooauth.info
use oauth state to transport a nonce and a return_url

fix typo

fix typo

Avoid "ad_url" for producing fully qualified URLs

"ad_url" is not subsite aware.

enforce providing of "given_name" and "family_name" only, when creating of not yet registered users is configured

fix typo

Added support for using GitHub as an identity provider

The handler allows using GitHub as an identity provider for logins. The GitHub account of the user must have an email address configured. Optionally, new OpenACS accounts can be created based on the identity data provided from GitHub.

This functionality is very similar to using Azure accounts via the Microsoft identity platform provider.

Setup instructions will follow soon.

    • -2
    • +2
    /openacs-4/packages/xooauth/xooauth.info
    • -152
    • +27
    /openacs-4/packages/xooauth/tcl/ms-procs.tcl
file authorize-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/tcl/authorize-procs.tcl
file github-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/github-login-handler.tcl
file github-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/github-login-handler.adp
make scope and response_type for ms::Authorize configurable

Port of downstream behavior:

To prevent modern browsers from shutting down proctoring when put out of focus, make it so that a foreground PiP of one of the streams is always displayed.

Added support for v2.0 for "Microsoft identity platform ID tokens"

Provide external registry information for usage in the login cookie

- This allows a logout operation from Azure, when login happened from there as well.

- Bump version number to 0.4d3

    • -3
    • +3
    /openacs-4/packages/xooauth/xooauth.info
whitespace changes

Added preliminary support for secondary registries (e.g., MS Azure via oauth2)

- When login happened via external registry, the logout should happen there as well.

- let "sec_login_read_cookie" return a dict instead of a list (eases future extension)

- bump version number to 5.10.1d31

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
improve spelling

Added preliminary support for Microsoft identity platform ID tokens

    • -6
    • +246
    /openacs-4/packages/xooauth/tcl/ms-procs.tcl
    • -22
    • +29
    /openacs-4/packages/xooauth/tcl/rest-procs.tcl
file azure-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/azure-login-handler.adp
file azure-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/azure-login-handler.tcl
added minimal comments