social-core
Generic OAuth2 backend
Expected behaviour
I would like to be able to use an OAuth2 service without having to make a custom backend Python file just in order to set the URLs.
Actual behaviour
It seems that you cannot instantiate BaseOAuth2 directly and there is no way to configure the authorisation and token and userinfo URLs anyway. Please correct me if I'm wrong. But it looks like every single service that uses OAuth2 has had to create a subclass in social_core/backends/. This is particularly problematic for me as I then need to rebuild Docker containers just to get this custom subclass in.
Any other comments?
This does not seem to be a problem for SAML or OpenID, just for OAuth2.
https://github.com/python-social-auth/social-core/pull/669 does this for OpenID Connect. The problem with OAuth2 is that there is no standard way of getting user details and that is what every subclass of BaseOAuth2 implements...
It seems that this could just be passed a mapping array. Anyway, in the meantime I've submitted a PR for uffd support with the URLs configured through config.
Other software manages to do generic OAuth2 with some restrictions. See for example GitLab: https://docs.gitlab.com/ee/integration/oauth2_generic.html That's enough for most use cases, and for those where it isn't you can still fork.
It's much easier to just enter URLs and field mappings than having to fork the whole library and get a packaging infrastructure as well as the deployment side by side to your distro's running.
#669 does this for OpenID Connect. The problem with OAuth2 is that there is no standard way of getting user details and that is what every subclass of BaseOAuth2 implements...
I completely agree.
It's much easier to just enter URLs and field mappings than having to fork the whole library and get a packaging infrastructure as well as the deployment side by side to your distro's running.
On the other side, it is much easier to write code for a single OAuth2 service than a generic one which can be configured in the way you describe. Maybe that's why nobody has contributed it so far. I'm not saying it cannot be implemented, but somebody has to do that.
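The "URLs and field mappings" idea discussed above, as an added sketch that is not code from social-core or from any commenter: a settings-driven configuration is validated (HTTPS-only endpoints) and a provider's userinfo JSON is mapped to user details, failing closed when a required claim is absent. The setting names, the `GENERIC_OAUTH2` dict, the detail keys chosen and the `idp.example.com` URLs are all assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed configuration; every setting name here is hypothetical.
GENERIC_OAUTH2 = {
    "AUTHORIZATION_URL": "https://idp.example.com/oauth2/authorize",
    "ACCESS_TOKEN_URL": "https://idp.example.com/oauth2/token",
    "USERINFO_URL": "https://idp.example.com/oauth2/userinfo",
    # detail key -> dotted path into the provider's userinfo JSON
    "FIELD_MAP": {"username": "login", "email": "profile.email",
                  "fullname": "profile.name"},
    "REQUIRED": ("username", "email"),
}

URL_KEYS = ("AUTHORIZATION_URL", "ACCESS_TOKEN_URL", "USERINFO_URL")


def validate_config(cfg):
    """Reject endpoint URLs that are missing or not absolute HTTPS URLs."""
    for key in URL_KEYS:
        parts = urlparse(cfg.get(key, ""))
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{key} must be an absolute https:// URL")
    unmapped = set(cfg["REQUIRED"]) - set(cfg["FIELD_MAP"])
    if unmapped:
        raise ValueError(f"required fields without a mapping: {sorted(unmapped)}")


def lookup(data, path):
    """Follow a dotted path through nested dicts; None if any step is missing."""
    for part in path.split("."):
        if not isinstance(data, dict) or part not in data:
            return None
        data = data[part]
    return data


def map_user_details(cfg, userinfo):
    """Build the details dict from a userinfo response using the field map."""
    details = {k: lookup(userinfo, p) for k, p in cfg["FIELD_MAP"].items()}
    # Fail closed: a required claim must be a non-empty string.
    missing = [k for k in cfg["REQUIRED"]
               if not isinstance(details[k], str) or not details[k]]
    if missing:
        raise ValueError(f"userinfo response lacks required fields: {missing}")
    return details
```

Rejecting plain-HTTP endpoints at load time matters here because the token endpoint receives the client secret and authorisation code.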
I agree. I think we can do like Portainer and Gitea do.
eg:
