Allow OAuth with European commission account #42
Comments
|
Form partially filled, just need a bit of time to finalize... |
|
Just got this response: The provided URL has been registered in EU Login PROD. |
|
cool! |
|
We need to implement it on the server side. We don't have a normal session based website, only the API to communicate with the Dennis services. Or it is about to connect the wikidata using eulogin? I can help with data if I have access to the servers... |
|
We want to allow users to connect to the mediawiki instance using eulogin ... |
|
We're still stuck on that? |
|
yes .... let's move it for after the demos and so on ... is this ok? |
|
Sure, not urgent but when more users will start editing it will become more pressing... |
|
@weisest you mentioned we have several sites in PHP integrated in EULogin... |
|
Sorry for the naive question but what is OAuth2? EULogin is working with an API and is technology agnostic. It's used also in the Newsroom. Maybe @alainvd knows more how it was done? |
|
hi, OAuth2 is the protocol (standard) used for the login. It is a very complex protocol not a simple API call (multiple back and forth). So generally there is a client (library) to put it in place. Depending on the programming language there is a Php client, javascript client and so on ..... so we were wondering how other EU websites that also are written in Php are doing it since the standard client for Php does not have all the functionality that is needed (DIGIT is using something fancy, non so common) |
|
EU Login does provide support for Open ID Connect since v6 I know that @raphdom tried to integrate it with Amazon Cognito but so far I think it has not been a successful journey. |
|
salut Alain, are you saying with Open ID it should be easier? no PKCE? |
|
Hi Denis, |
|
ok, the pointer to: https://github.com/apereo/phpCAS is already good. @alainvd So you would be able to help if we need to configure the client properly? Because then we could try to substitute this client https://github.com/thephpleague/oauth2-client with the phpCAS one in the wikimedia extension. Sounds easier than adapt the https://github.com/thephpleague/oauth2-client to the PKCE thing ; ) |
|
Well I can't really comment as it depends on how they integrate the identification / authentication in their application. |
|
Yes sure ... this we would take care ... but you could share a minimal example with the https://github.com/apereo/phpCAS client? |
|
I found this extension on the wkimedia library: https://github.com/CWRUChielLab/CASAuth |
|
cool! perfect! in the mediawiki universe there is a plugin for everything! then I will try out this one .... could you help me with this: https://github.com/CWRUChielLab/CASAuth/blob/master/CASAuthSettings.php.template for oAuth Max made a request, filled some forms an so on. Could you check with him how to get the corresponding credentials for CASAuth. |
|
I replied by email with the settings we are using. |
|
thank you! I saw it .... it will take 1-2 weeks until I find the time to do it, but looks like I have everything I need, merci! |
|
Good good. Let me know or Raph if you need anything else :) |
|
Indeed it will be more easy to use the integration with CAS directly instead of open id. |
|
working now, well done @raphdom |
|
Does anyone know, what the link below contains? We evaluate an OAuth2 connection to EU Login, but it is not clear to me if this is available or not?
|
|
@raphdom can you share some (public) details about our EU Login integration? |
|
Hello @jzakotnik. |
|
Thanks @raphdom for answering, this really helps in our case. In particular we look for integration with OpSys, so I guess we need authentication via OpenID, but then also respective authorization in OpSys. |
The first step is to get the oAuth credentials, i.e.
$wgOAuth2Client['client']['id'] = ''; // The client ID assigned to you by the provider
$wgOAuth2Client['client']['secret'] = ''; // The client secret assigned to you by the provider
$wgOAuth2Client['configuration']['authorize_endpoint'] = ''; // Authorization URL
$wgOAuth2Client['configuration']['access_token_endpoint'] = ''; // Token URL
$wgOAuth2Client['configuration']['api_endpoint'] = ''; // URL to fetch user JSON
$wgOAuth2Client['configuration']['redirect_uri'] = ''; // URL for OAuth2 server to redirect to
$wgOAuth2Client['configuration']['username'] = 'username'; // JSON path to username
$wgOAuth2Client['configuration']['email'] = 'email'; // JSON path to email
$wgOAuth2Client['configuration']['scopes'] = 'openid email profile'; //Permissions
The Redirect URI for your wiki should be:
https://linkedopendata.eu/wiki/Special:OAuth2Client/callback
The text was updated successfully, but these errors were encountered: