[GeoNode-devel] Adding Oauth2 client support and other remote logins

Fri Nov 17 08:38:07 PST 2017

Hello all, and sorry for this long post ;)

TL; DR - We want to add Oauth2 client support to geonode and are 
interested in feedback from the community. This will involve retiring 
the geonode-user-accounts project though.

I'm currently working on a geonode-related project where there is a 
requirement to offer users the ability to login by connecting with their 
linkedin and facebook accounts. In order to make this possible we are 
integrating Oauth2 client support in geonode.

This seems like a nice addition to geonode and we are interested in 
contributing it back to official geonode.

The current implementation plan consists in integrating the 
django-allauth[1] project with geonode. This is a django app that 
implements a complete authentication solution for django projects.
It manages both local and remote (social account) authentication flows 
and provides lots of interesting features that are common when dealing 
with user authentication, such as signup/register/verify email/reset 
password etc.
It also comes with baked in support for 20+ remote social account 
providers, including linkedin, facebook, google and most well known sites.

geonode is currently managing its auth-related features by using the 
geonode-user-accounts[2] project, which is a fork of 
pinax/django-user-accounts, under geonode's umbrella.
It provides already most auth flows described above. However, it lacks 
integration with social accounts.
django-allauth, on the other hand, provides a unified solution to both 
local and remote authentication flows. As such we're planning to retire 
the geonode-user-accounts project, by replacing it with django-allauth 
plus some custom stuff. The goal is to keep all current features and 
enhance them with remote auth support.

There seem to be two interesting features that geonode-user-accounts 
offers that do not currently exist in django-allauth:

1) Send invitations to get new users to join a geonode instance - We're 
hoping to also bring integration for the django-invitations[3] app in 
order to cover this.
2) Approve/reject a new user's registration - the plan here is to port 
this functionality from geonode-user-accounts to geonode core, by making 
use of the extensibility features of django-allauth

We're interested in getting feedback from geonode's developer community, 
in order to verify if:

- This feature is deemed useful and there is interest in having it in 
core geonode;
- Maybe someone has already some experience implementing Oauth clients 
with geonode and/or using django-allauth?
- Does the current plan sound reasonable, even if it means replacing 
geonode-user-accounts?

Biggest advantages seem to be:

- geonode becomes easier to use by new users, who can reuse their 
already existing social accounts in order to gain access to the platform;
- retiring geonode-user-accounts means a lower maintenance burden on 
geonode devs, since there is less code to oversee;
- both django-allauth and django-notifications seem like healthy 
projects with clean code and good test coverage

We should have an initial implementation to PR by next week. Regardless, 
we're interested in getting some community feedback ;)

Best regards

[1] - https://www.intenct.nl/projects/django-allauth/
[2] - https://github.com/GeoNode/geonode-user-accounts
[3] - https://github.com/bee-keeper/django-invitations

-- 
Regards,
Ricardo Silva
==
GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.
==
Ricardo Silva
Senior Software Engineer

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:      +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New
Data Protection Code). Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility  for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.