Modify

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#3306 closed enhancement (wontfix)

Google Apps Auth Plugin for AccountManager

Reported by: naan Owned by: mgood
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

I've implemented simple Google Auth plugin for AccountManager. This patch allow you to authentication with your Google Apps account.

How to Use

  1. Extract Account Manager egg file and apply patch
    $ cd {path_to_your_python_site_package_dir}
    $ mv TracAccountManager-0.2.1dev_r3857-py2.5.egg tmp.egg
    $ mkdir TracAccountManager-0.2.1dev_r3857-py2.5.egg
    $ cd TracAccountManager-0.2.1dev_r3857-py2.5.egg
    $ unzip ../tmp.egg
    $ patch -p1 < {google_apps_patch_file}
    
  1. Set up your trac.ini
    [components]
    acct_mgr.google.GoogleAuthStore = enabled
    
    [account-manager]
    google_apps_domain={your_google_apps_domain}
    password_store=GoogleAuthStore
    
  1. Login with your google apps domain
    • username: your google apps user name (without domain name)
    • password: your google apps password

TODO

This is just authentication module, but if you have Google Apps Premiere Edition, you can retrieve account information and set user name, email address, timezone, etc... to trac environment

Attachments (1)

google_apps.patch (2.3 KB) - added by naan 6 years ago.
Patch of Google Auth for Account Manager Plugin

Download all attachments as: .zip

Change History (4)

Changed 6 years ago by naan

Patch of Google Auth for Account Manager Plugin

comment:1 Changed 6 years ago by coderanger

This seems like a pretty niche case. Any reason to not make it its own plugin.

comment:2 Changed 6 years ago by mgood

  • Resolution set to wontfix
  • Status changed from new to closed

I'm not comfortable integrating this since it requires users to provide their Google password directly to a 3rd party site. If you're using this for an internal site, I'm sure they can trust you, but this is a practice I'd rather discourage in general.

I think it would be great to see an OAuth plugin which would give users a secure way to sign in with their Google credentials, or another OAuth provider. However, since with the single-sign-on model all account administration is handled by another site it doesn't really fit inside the AccountManager API, so it's probably still easier to keep it in a separate plugin.

comment:3 Changed 6 years ago by mgood

Hrm, I guess the intent of OAuth is more to securely access a user's data stored in a Google application, though maybe it can be used as a signin method as well. If that's not the right API I'm pretty sure there is another one that does work to just authenticate you via Google.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.