SlideShare a Scribd company logo

Authentication options for Open edX: focus on OAuth and OpenID

Frederik Questier, profile picture
Frederik Questier

The document provides an overview of authentication options for Open edX, focusing on federated identity management through protocols such as OAuth and OpenID. It highlights the importance of identifying users through various supported identity providers, including Google and Facebook, and discusses the evolution of these technologies. Recommendations are made for institutions to choose appropriate identity providers and reference Open edX manuals for further guidance.

Education
Related topics:
Educational Technology
1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Federated identity: a technological overview (part II/II) Authentication options for Open edX: focus on OAuth and OpenID Prof. dr. Frederik Questier Vrije Universiteit Brussel Presented at Universidade de Vigo, Spain, April 2018 Project No. 573583-EPP-1-2016-1-ES-EPPKA2-CBHE-SP (2016-2558/001-001)
Who needs access to your Open edX server?
Who needs access to your Open edX server?
Who do you need to authenticate / identify? ➢ Authentication: could be self-registration ➢ Identification: real name
Authentication options for Open edX: focus on OAuth and OpenID
Authentication options for Open edX: focus on OAuth and OpenID
Authentication options for Open edX: focus on OAuth and OpenID
Authentication options for Open edX: focus on OAuth and OpenID
Authentication options for Open edX: focus on OAuth and OpenID
Open edX ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
Open standards Development history 2005 2007 2012 2014 OpenID OpenID2 OpenID Connect Oauth OAuth2
is an authentication layer on top of
Authentication options for Open edX: focus on OAuth and OpenID
Use cases designed for? ➢ OpenID ➢ Federated authentication ➢ Login at site B with your credentials from site A (identity provider) without giving B your password. ➢ E.g. login at edX by verifying at Google. ➢ Oauth ➢ Delegated authorization ➢ Authorize app/site B to access your data at site A without giving B your password. ➢ E.g. allow mobile edX app access to your edX server data
In practice, also by Open edX, ... ➢ OAuth is often abused for pseudo-authentication ➢ Possible ➢ But requires custom code for each authorization provider. ➢ Well known for the famous ones like Google and Facebook ➢ Provided by Open edX
Here is the Here you go Google – The Identity Provider Here is the Here you go Google – The Identity Provider OpenID Authentication vs. Pseudo-Authentication using OAuth adapted from a drawing by @_nat_en *valet key = limited scope OAuth Token & the API Provider Who are YOU? Send me a notarized referral letter. Give me the valet key* to your house (account) so that I know you are the owner of the house Please issue me a valet key* for the core APIs valet key* certificate Please write a referral stating that I'm user@gmail name: Real Name email: user@gmail notary: Google name: Real Name email: user@gmail notary: Google
OpenID = user-centric :) ➢ Dream: login everywhere with your preferred identity provider or with your own URL ➢ e.g. login by writing “http://questier.com“ ➢ = my server that runs openid identity server ➢ or that has rel-link to http://questier.myopenid.com
The user-centric dream killed :( ➢ 2014 MyOpenID shuts down ➢ Facebook OpenID connect → Facebook Connect ➢ 2018 Stackexchange OpenID support shuts down
Authentication options for Open edX: focus on OAuth and OpenID
Authentication options for Open edX: focus on OAuth and OpenID
Recommendation 1 Check which of these Open edX solutions fit your institutional identity provider ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
Recommendation 2 Check Open edX manual
Recommendation 3 Consider if you want to identify MarMOOC members or others
Additional copyright credits ➢ https://commons.wikimedia.org/wiki/File:OpenIDvs.Pseudo-AuthenticationusingOAuth.svg CC0 ➢ Social Icons by Iconshock http://www.iconshock.com/social-icons/
This presentation was made with 100% Free Software No animals were harmed Questier.com Frederik AT Questier.com www.linkedin.com/in/fquestie www.diigo.com/user/frederikquestier www.slideshare.net/Frederik_Questier Q uestions? Merci!

More Related Content

PPT
An Introduction to OpenID
Max Manders
 
PDF
Open learning Experiences from the MarMOOC project
Frederik Questier
 
PPTX
Intro to OAuth2 and OpenID Connect
LiamWadman
 
PDF
EduID Mobile App - Use-Cases, Concepts and Implementation
Christian Glahn
 
PDF
OAuth Base Camp
Oliver Pfaff
 
PPTX
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Jason Robert
 
PDF
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
PPTX
Y U No OAuth?!?
Jason Robert
 
An Introduction to OpenID
Max Manders
 
Open learning Experiences from the MarMOOC project
Frederik Questier
 
Intro to OAuth2 and OpenID Connect
LiamWadman
 
EduID Mobile App - Use-Cases, Concepts and Implementation
Christian Glahn
 
OAuth Base Camp
Oliver Pfaff
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Jason Robert
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
Y U No OAuth?!?
Jason Robert
 

Similar to Authentication options for Open edX: focus on OAuth and OpenID (20)

PDF
OpenID Connect 4 SSI (at EIC 2021)
Torsten Lodderstedt
 
PDF
Comment ça marche: OpenID Connect fournisseur d’identité universel de Google ...
Leonard Moustacchis
 
PPT
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
PDF
OpenID Connect Explained
Vladimir Dzhuvinov
 
PDF
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
PDF
OpenID for SSI
Torsten Lodderstedt
 
PDF
OpenID 4 Verifiable Credentials + HAIP (Update)
Torsten Lodderstedt
 
PDF
Secure your APIs using OAuth 2 and OpenID Connect
Nordic APIs
 
PDF
Access Management for Cloud and Mobile
ForgeRock
 
PDF
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
PDF
Introduction to SAML & OIDC
ForgeRock Identity Tech Talks
 
PDF
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CloudIDSummit
 
PPTX
OAuth - Don’t Throw the Baby Out with the Bathwater
Apigee | Google Cloud
 
PDF
OAuth 2.0 and OpenID Connect
Jacob Combs
 
PPTX
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
PDF
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
PDF
OAuth with OAuth.io : solving the OAuth Fragmentation for Identity Management...
Mehdi Medjaoui
 
PDF
OpenID Connect "101" Introduction -- October 23, 2018
OpenIDFoundation
 
PPTX
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
PPTX
DDD Melbourne 2019 : Modern Authentication 101
Dasith Wijesiriwardena
 
OpenID Connect 4 SSI (at EIC 2021)
Torsten Lodderstedt
 
Comment ça marche: OpenID Connect fournisseur d’identité universel de Google ...
Leonard Moustacchis
 
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
OpenID Connect Explained
Vladimir Dzhuvinov
 
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
OpenID for SSI
Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
Torsten Lodderstedt
 
Secure your APIs using OAuth 2 and OpenID Connect
Nordic APIs
 
Access Management for Cloud and Mobile
ForgeRock
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
Introduction to SAML & OIDC
ForgeRock Identity Tech Talks
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CloudIDSummit
 
OAuth - Don’t Throw the Baby Out with the Bathwater
Apigee | Google Cloud
 
OAuth 2.0 and OpenID Connect
Jacob Combs
 
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
OAuth with OAuth.io : solving the OAuth Fragmentation for Identity Management...
Mehdi Medjaoui
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenIDFoundation
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
DDD Melbourne 2019 : Modern Authentication 101
Dasith Wijesiriwardena
 
Ad

More from Frederik Questier (20)

PDF
Free Libre Open Source Software Development
Frederik Questier
 
PDF
OER & Copyrights
Frederik Questier
 
PDF
Plagiarism prevention and detection
Frederik Questier
 
PDF
FLOSS strategies & policies
Frederik Questier
 
PDF
Computer & Data Security
Frederik Questier
 
PDF
Open e-learning - MarMOOC experiences - Cuba
Frederik Questier
 
PDF
Open learning experiences from the MarMOOC project presented at BDU
Frederik Questier
 
PDF
Open learning Experiences from the MarMOOC project (presented at UHo)
Frederik Questier
 
PDF
FLOSS development
Frederik Questier
 
PDF
E-learning design models - Primer for (educational) technologists
Frederik Questier
 
PDF
MOOCs & Openness
Frederik Questier
 
PDF
New learning paradigms and learning technologies
Frederik Questier
 
PDF
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...
Frederik Questier
 
PDF
Students' Experiential Knowledge Production in the Teaching-Learning Process ...
Frederik Questier
 
PDF
Institutional strategies for educational innovation and e-learning
Frederik Questier
 
PDF
New learning paradigms and technologies
Frederik Questier
 
PDF
Free & Open Source Software (2017 update)
Frederik Questier
 
PDF
Challenges for 21st century education and blended learning
Frederik Questier
 
PDF
FLOSS & OER
Frederik Questier
 
PDF
(Disruptive) innovations: education and society
Frederik Questier
 
Free Libre Open Source Software Development
Frederik Questier
 
OER & Copyrights
Frederik Questier
 
Plagiarism prevention and detection
Frederik Questier
 
FLOSS strategies & policies
Frederik Questier
 
Computer & Data Security
Frederik Questier
 
Open e-learning - MarMOOC experiences - Cuba
Frederik Questier
 
Open learning experiences from the MarMOOC project presented at BDU
Frederik Questier
 
Open learning Experiences from the MarMOOC project (presented at UHo)
Frederik Questier
 
FLOSS development
Frederik Questier
 
E-learning design models - Primer for (educational) technologists
Frederik Questier
 
MOOCs & Openness
Frederik Questier
 
New learning paradigms and learning technologies
Frederik Questier
 
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...
Frederik Questier
 
Students' Experiential Knowledge Production in the Teaching-Learning Process ...
Frederik Questier
 
Institutional strategies for educational innovation and e-learning
Frederik Questier
 
New learning paradigms and technologies
Frederik Questier
 
Free & Open Source Software (2017 update)
Frederik Questier
 
Challenges for 21st century education and blended learning
Frederik Questier
 
FLOSS & OER
Frederik Questier
 
(Disruptive) innovations: education and society
Frederik Questier
 
Ad

Recently uploaded (20)

PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PPTX
Presentation on HIE in infants and its manifestations
joghikamal786
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PPTX
master seminar digital applications in india
ananyaray35
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Institutional Correction lecture only . . .
limvtheghins
 
Presentation on HIE in infants and its manifestations
joghikamal786
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
master seminar digital applications in india
ananyaray35
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
RMMM.pdf make it easy to upload and study
sajedul2
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 

Authentication options for Open edX: focus on OAuth and OpenID

  • 1. Federated identity: a technological overview (part II/II) Authentication options for Open edX: focus on OAuth and OpenID Prof. dr. Frederik Questier Vrije Universiteit Brussel Presented at Universidade de Vigo, Spain, April 2018 Project No. 573583-EPP-1-2016-1-ES-EPPKA2-CBHE-SP (2016-2558/001-001)
  • 2. Who needs access to your Open edX server?
  • 3. Who needs access to your Open edX server?
  • 4. Who do you need to authenticate / identify? ➢ Authentication: could be self-registration ➢ Identification: real name
  • 10. Open edX ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
  • 11. Open standards Development history 2005 2007 2012 2014 OpenID OpenID2 OpenID Connect Oauth OAuth2
  • 12. is an authentication layer on top of
  • 14. Use cases designed for? ➢ OpenID ➢ Federated authentication ➢ Login at site B with your credentials from site A (identity provider) without giving B your password. ➢ E.g. login at edX by verifying at Google. ➢ Oauth ➢ Delegated authorization ➢ Authorize app/site B to access your data at site A without giving B your password. ➢ E.g. allow mobile edX app access to your edX server data
  • 15. In practice, also by Open edX, ... ➢ OAuth is often abused for pseudo-authentication ➢ Possible ➢ But requires custom code for each authorization provider. ➢ Well known for the famous ones like Google and Facebook ➢ Provided by Open edX
  • 16. Here is the Here you go Google – The Identity Provider Here is the Here you go Google – The Identity Provider OpenID Authentication vs. Pseudo-Authentication using OAuth adapted from a drawing by @_nat_en *valet key = limited scope OAuth Token & the API Provider Who are YOU? Send me a notarized referral letter. Give me the valet key* to your house (account) so that I know you are the owner of the house Please issue me a valet key* for the core APIs valet key* certificate Please write a referral stating that I'm user@gmail name: Real Name email: user@gmail notary: Google name: Real Name email: user@gmail notary: Google
  • 17. OpenID = user-centric :) ➢ Dream: login everywhere with your preferred identity provider or with your own URL ➢ e.g. login by writing “http://questier.com“ ➢ = my server that runs openid identity server ➢ or that has rel-link to http://questier.myopenid.com
  • 18. The user-centric dream killed :( ➢ 2014 MyOpenID shuts down ➢ Facebook OpenID connect → Facebook Connect ➢ 2018 Stackexchange OpenID support shuts down
  • 21. Recommendation 1 Check which of these Open edX solutions fit your institutional identity provider ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
  • 23. Recommendation 3 Consider if you want to identify MarMOOC members or others
  • 24. Additional copyright credits ➢ https://commons.wikimedia.org/wiki/File:OpenIDvs.Pseudo-AuthenticationusingOAuth.svg CC0 ➢ Social Icons by Iconshock http://www.iconshock.com/social-icons/
  • 25. This presentation was made with 100% Free Software No animals were harmed Questier.com Frederik AT Questier.com www.linkedin.com/in/fquestie www.diigo.com/user/frederikquestier www.slideshare.net/Frederik_Questier Q uestions? Merci!