don't assume the oauth package is installed

External identity provider reform (part 3)

- logout from external identity provider, if logged in via it

- extend default login page via ADP include, when external identity providers are configured.

file external-logins.adp was initially added on branch oacs-5-10.

file external-logins.tcl was initially added on branch oacs-5-10.

whitespace changes

simplify code

External identity provider reform (part 2)

Use the external identity provider for refresh of logins. When a user is logged in via an external identity provider, use the same identity provider for a refresh when it expires. The expiration time is controlled via the classical OpenACS parameters.

Note that in general, the same user might be authenticated via a classical OpenACS authority (e.g. local authority) and/or via an external one (e.g. Microsoft Identity Platform (Azure) or GitHub).

For single-sign-ons, when the token is still valid, the redirect to the external identity provider does not necessarily mean that the user is shown the external identity provider's login page.

intensify validation of form variables

Fixed markup for Navbar for Bootstrap 3 and /5

Many thanks to Monika Andergassen for the contribution

minor cleanup

version maintenance

- the upstream version of the bootstrap fonts changed to 1.10.5

- the location of the CSS file in the distribution zip file has changed with version 1.10.4

- bump package version number to 0.2d6

validate item_type

define item_type for code_interaction

Record the fact that a certain user_id was created via an OAuth identity provider.

use oauth state to transport a nonce and a return_url

fix typo

fix typo

Avoid "ad_url" for producing fully qualified URLs

"ad_url" is not subsite aware.

enforce providing of "given_name" and "family_name" only when creation of not yet registered users is configured

fix typo

Added support for using GitHub as an identity provider

The handler allows using GitHub as an identity provider for logins. The GitHub account of the user must have an email address configured. Optionally, new OpenACS accounts can be created based on the identity data provided from GitHub.

This functionality is very similar to using Azure accounts via the Microsoft identity platform provider.

Setup instructions will follow soon.

file authorize-procs.tcl was initially added on branch oacs-5-10.

file github-login-handler.tcl was initially added on branch oacs-5-10.

file github-login-handler.adp was initially added on branch oacs-5-10.

make scope and response_type for ms::Authorize configurable

Port of downstream behavior:

to prevent modern browsers from shutting down proctoring when put out of focus, make it so that a foreground PiP of one of the streams is always displayed.

Added support for v2.0 for "Microsoft identity platform ID tokens"

Provide external registry information for usage in the login cookie

- This allows a logout operation from Azure, when login happened from there as well.

- Bump version number to 0.4d3

whitespace changes

Added preliminary support for secondary registries (e.g., MS Azure via oauth2)

- When login happened via external registry, the logout should happen there as well.

- let "sec_login_read_cookie" return a dict instead of a list (eases future extension)

- bump version number to 5.10.1d31
