Contributors mailing list archives
contributors@odoo-community.org
Re: Azure AD authentication Advice auth_oauth.
by
Anybox, Pierre Verkest
Sorry to come late on that!
Not sure what is the state of your work on OpenID Connect?

regards,
2016-08-08 5:38 GMT+02:00 Graeme Gellatly <gdgellatly@gmail.com>:
Turns out I was using the OpenID Connect authorization flow. Rather than mangle with oauth2, or try and fix auth_openid, I just created it completely separately as I'm sure others will want OpenID Connect. Will clean up the code shortly and publish. It's been done to work with Microsoft Azure AD, so will be interested in feedback from using other providers.

On Sat, Aug 6, 2016 at 10:27 AM, Graeme Gellatly <gdgellatly@gmail.com> wrote:

My alternative is to simply copy the oauth module and make edits, changing endpoints etc, but when I tried it didn't work so any advice on the steps to do this would be appreciated.

Similarly in main.py, it queries the response, sets some fields and calls res_user.auth_oauth. The Odoo module does very little in the way of preventing hacks and replay attacks. Doesn't verify signatures, audience, expiries etc or send randomised state information for validation. Is there any way to neatly inherit and override functions in main.py? The strange thing is that I copied the original and called it auth_auth2 in my hacking. It isn't installed, but that file gets called rather than my copy.

Is there any way to inherit a javascript function and override it in another module? The idea would be to take the hard coded query string and have it constructed from an oauth_auth flow type stored on the model.

The query string sent in auth_oauth is different. It requires different key value pairs, for example a nonce is required, and the token type is 'id_token'. It is very much an openid_connect workflow (not like auth_openid which really should be deprecated).

The ORM side is not too difficult, just a few extra fields and function overrides however the problems start with the web side.

However with some relatively minor hacking of the auth_oauth module it works, however now I want to turn that into a module which extends auth_oauth.

Hi all,

My context here is v7, but should apply to all versions. We use Office 365 which is backed by the free version of AzureAD. It supports multiple oauth2 authentication flows, but not the one in the auth_oauth module (it does but it's quite a lot stricter so the implementation doesn't work and it's overkill).

Or else any other alternatives.

Any resulting module will be published.