Google Summer of Code Development: Single Sign-On

[Editor’s note:  Vaibhav Ahlawat was a Google Summer of Code 2012 student at the Concord Consortium.]

At any time, the Concord Consortium runs a number of small research projects and large scale-up projects, but in the past we built each system separately and each required a separate login. Want to teach your fourth graders about evolution? Great. Log in at the Evolution Readiness portal. Wait, you also teach your students about the cloud cycle? That requires logging in at the Universal Design for Learning (UDL) portal.

Clearly, some students and educators find value across different projects, and my goal is to make it a little easier for them to sign in just once and get access to the myriad great resources at the Concord Consortium for teaching science, math and engineering. As a Google Summer of Code student, I’m working under the guidance of Scott Cytacki, Senior Software Developer, to bring different projects under a single authentication system or, in the language of software development, a Single Sign-On.

Single Sign-On will allow both students and teachers to login across different projects with a single username and password, doing away with the need to remember multiple usernames and passwords. They’ll be able to move seamlessly among projects and find the resources they need to teach and learn. I’m also working on code that will allow students and teachers to sign up and login to Concord Consortium’s portals with their existing Google+ or Facebook accounts.

For those who want technical details, read on.

I’m working on moving from Restful Authentication to Devise, both of which are authentication solutions for Rails. These days, Devise is the preferred one among the Rails community and it makes things like password resetting and confirmation email pretty easy. Once we are done with this conversion, adding the support for signup and login using Facebook and Google+ accounts should be simple. For example, to add support for Google Oauth2 authorization protocol, all we have to do is add a gem named omniauth with Oauth2 strategy, which works brilliantly with Devise, then write a couple of functions.

Here’s a snippet of my code, which adds google oauth2 support to Devise

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
    def google_oauth2
 
    # The User.find_for_google_oauth2 method also needs to be implemented.
    # It looks for an existing user by e-mail, or creates one with a random password
    @user = User.find_for_google_oauth2(request.env["omniauth.auth"], current_user)
 
    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Google"
      sign_in_and_redirect @user, :event => :authentication
    else
      session["devise.google_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end

Including support for authentication using the Facebook API can be done simply. Support for Oauth, which is used by many learning management systems, is provided, making integration far more easier than it was before.

I’m happy to help make it easier for Concord Consortium’s resources to be used by many more people.
— By Vaibhav Ahlawat