[GeoNode-devel] Adding Oauth2 client support and other remote logins
Ricardo Garcia Silva
ricardo.silva at geo-solutions.it
Fri Nov 17 08:38:07 PST 2017
Hello all, and sorry for this long post ;)
TL; DR - We want to add Oauth2 client support to geonode and are
interested in feedback from the community. This will involve retiring
the geonode-user-accounts project though.
I'm currently working on a geonode-related project where there is a
requirement to offer users the ability to login by connecting with their
linkedin and facebook accounts. In order to make this possible we are
integrating Oauth2 client support in geonode.
This seems like a nice addition to geonode and we are interested in
contributing it back to official geonode.
The current implementation plan consists in integrating the
django-allauth project with geonode. This is a django app that
implements a complete authentication solution for django projects.
It manages both local and remote (social account) authentication flows
and provides lots of interesting features that are common when dealing
with user authentication, such as signup/register/verify email/reset
It also comes with baked in support for 20+ remote social account
providers, including linkedin, facebook, google and most well known sites.
geonode is currently managing its auth-related features by using the
geonode-user-accounts project, which is a fork of
pinax/django-user-accounts, under geonode's umbrella.
It provides already most auth flows described above. However, it lacks
integration with social accounts.
django-allauth, on the other hand, provides a unified solution to both
local and remote authentication flows. As such we're planning to retire
the geonode-user-accounts project, by replacing it with django-allauth
plus some custom stuff. The goal is to keep all current features and
enhance them with remote auth support.
There seem to be two interesting features that geonode-user-accounts
offers that do not currently exist in django-allauth:
1) Send invitations to get new users to join a geonode instance - We're
hoping to also bring integration for the django-invitations app in
order to cover this.
2) Approve/reject a new user's registration - the plan here is to port
this functionality from geonode-user-accounts to geonode core, by making
use of the extensibility features of django-allauth
We're interested in getting feedback from geonode's developer community,
in order to verify if:
- This feature is deemed useful and there is interest in having it in
- Maybe someone has already some experience implementing Oauth clients
with geonode and/or using django-allauth?
- Does the current plan sound reasonable, even if it means replacing
Biggest advantages seem to be:
- geonode becomes easier to use by new users, who can reuse their
already existing social accounts in order to gain access to the platform;
- retiring geonode-user-accounts means a lower maintenance burden on
geonode devs, since there is less code to oversee;
- both django-allauth and django-notifications seem like healthy
projects with clean code and good test coverage
We should have an initial implementation to PR by next week. Regardless,
we're interested in getting some community feedback ;)
 - https://www.intenct.nl/projects/django-allauth/
 - https://github.com/GeoNode/geonode-user-accounts
 - https://github.com/bee-keeper/django-invitations
GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.
Senior Software Engineer
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New
Data Protection Code). Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.
More information about the geonode-devel