Maybe you should contact the project mentors, in order to get a feedback. Anyway, trying to build a SSO service from scratch, in 3 months, is a huge task even for an expert, let alone a student. I have done it a few years ago (in Drupal7) so I know how difficult it is. The libraries that you mention are not enough.
I would suggest that you try some existing implementions and select one of them. For example have a look at this list: https://en.wikipedia.org/wiki/List_of_single_sign-on_implementations Regards, Dashamir On Fri, Feb 16, 2018 at 1:40 PM, Himanshu Shekhar < [email protected]> wrote: > Hi, > > I am Himanshu Shekhar [1], an undergrad from IIIT-Allahabad, India. > I am studying Information Technology, am a polyglot programmer (prefers > Python, Golang and JavaScript) and have interned at SocialCops[2] (a > data-intelligence company) as a backend engineer last summer. > > I've been going through ideas proposed for GSOC'18 and stepped on this one. > > My institute requires me to use LDAP for authenticating on all sorts of > portals required. Being one of the mentors and coordinators at the > technical society of the institute, there are times where I have to > integrate some kind of portal to LDAP which I personally find horrible > because it is not HTTP and has a lot of restrictions from the campus proxy > server and firewall. > > As a result of this, I have been wanting to develop a generic SSO server > which can be deployed at website/premise without any hassle, something > which takes a config file for user database structure, some parameters and > does rest of the work over HTTP. > > ** What I pictured is an *open-source replica of Google Login* [3], with > same features - a central service which you have configured with the > information to collect for users who sign up and provide and applications > can use the service to authenticate and get the user's basic information. > The authorization part - scoping, limitations, is up to the client > application. The SSO server does authentication, and authorization is up to > the application server. > > Also, as a hobby project, I've been developing an API using Go and Gin > where I have implemented auth using JWT tokens [4] (both access and refresh > tokens), which is extremely simple in structure. > It does just one work - authenticating the required user from it's > database. > > Talking about the GSOC project, there are certain Oauth2 libraries for > Python, Golang, JavaScript which can be used to create the required service > over the top of it. I have listed the required links [5] at the end of > this email. > > Is this similar to what you have pictured for Debian and this GSOC? > Please let me know. I would be really happy to work on something which I > have been passionately wanting to make. > > References: > > [5] Oauth2 libraries : > Python : https://github.com/oauthlib/oauthlib > has implementations for Flask, Django, Bottle, Pyramid (mentioned > in Readme). > > Golang : > Hydra : https://github.com/ory/hydra > Osin : https://github.com/RangelReale/osin > > [1] Himanshu Shekhar > Github: https://github.com/himanshub16 > LinkedIn : https://linkedin.com/in/himanshub16 > > [2] SocialCops : https://socialcops.com > > [3] Google Login : https://developers.google.com/ > identity/sign-in/web/sign-in > > [4] JWT : https://jwt.io > > Regards, > Himanshu Shekhar >
