Modify

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#3306 closed enhancement (wontfix)

Google Apps Auth Plugin for AccountManager

Reported by: Kazuho Okui Owned by: Matt Good
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

I've implemented simple Google Auth plugin for AccountManager. This patch allow you to authentication with your Google Apps account.

How to Use

  1. Extract Account Manager egg file and apply patch
    $ cd {path_to_your_python_site_package_dir}
    $ mv TracAccountManager-0.2.1dev_r3857-py2.5.egg tmp.egg
    $ mkdir TracAccountManager-0.2.1dev_r3857-py2.5.egg
    $ cd TracAccountManager-0.2.1dev_r3857-py2.5.egg
    $ unzip ../tmp.egg
    $ patch -p1 < {google_apps_patch_file}
    
  1. Set up your trac.ini
    [components]
    acct_mgr.google.GoogleAuthStore = enabled
    
    [account-manager]
    google_apps_domain={your_google_apps_domain}
    password_store=GoogleAuthStore
    
  1. Login with your google apps domain
    • username: your google apps user name (without domain name)
    • password: your google apps password

TODO

This is just authentication module, but if you have Google Apps Premiere Edition, you can retrieve account information and set user name, email address, timezone, etc... to trac environment

Attachments (1)

google_apps.patch (2.3 KB) - added by Kazuho Okui 9 years ago.
Patch of Google Auth for Account Manager Plugin

Download all attachments as: .zip

Change History (4)

Changed 9 years ago by Kazuho Okui

Attachment: google_apps.patch added

Patch of Google Auth for Account Manager Plugin

comment:1 Changed 9 years ago by Noah Kantrowitz

This seems like a pretty niche case. Any reason to not make it its own plugin.

comment:2 Changed 9 years ago by Matt Good

Resolution: wontfix
Status: newclosed

I'm not comfortable integrating this since it requires users to provide their Google password directly to a 3rd party site. If you're using this for an internal site, I'm sure they can trust you, but this is a practice I'd rather discourage in general.

I think it would be great to see an OAuth plugin which would give users a secure way to sign in with their Google credentials, or another OAuth provider. However, since with the single-sign-on model all account administration is handled by another site it doesn't really fit inside the AccountManager API, so it's probably still easier to keep it in a separate plugin.

comment:3 Changed 9 years ago by Matt Good

Hrm, I guess the intent of OAuth is more to securely access a user's data stored in a Google application, though maybe it can be used as a signin method as well. If that's not the right API I'm pretty sure there is another one that does work to just authenticate you via Google.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Matt Good.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.