Enabling OAuth2 login
Some settings use both plugins and the settings in the Django admin panel.
Create OAuth Project
First, create a Google API and Service project
- Go to the APIs and Services page: https://console.cloud.google.com/apis
- OAuth consent screen -> Create a project
- User type: Internal (limit it to our university Google accounts)
- Can use external if you want to open it up to @gmail.com addresses
- Add credentials
- Create credentials -> OAuth Client ID -> Web application
Additional documentation: https://developers.google.com/identity/sign-in/web/reference#gapiauth2clientconfig
Third-party Auth Plugin
Next, create the plugin using the client secret from the OAuth provider.
nano $(tutor plugins printroot)/third-party-auth.ymlPlugin contents:
name: third-party-auth
version: 1.0.0
patches:
common-env-features: |
"ENABLE_THIRD_PARTY_AUTH": true
openedx-auth: |
"SOCIAL_AUTH_OAUTH_SECRETS": {"google-oauth2": "client-secret-from-google"}
lms-env: |
"THIRD_PARTY_AUTH_BACKENDS": ["social_core.backends.google.GoogleOAuth2"]
Configure OAuth Provider in Django
Lastly, go to “Provider Configuration (OAuth)” in your Django admin panel:
- Login at
https://edx.example.com/admin - Navigate to
Home › Third-party authentication › Provider Configuration (OAuth)- The direct URL:
https://edx.example.com/admin/third_party_auth/oauth2providerconfig/
- The direct URL:
- Click
ADD PROVIDER CONFIGURATION (OAUTH)to add your provider.
Configure the provider based on your needs. We use these settings:
- Icon class: fa-google
- Skip registration form
- Skip email verification
- Send welcome email
- Visible
- Backend name: google-oauth2
- Client ID: Enter client ID from the OAuth2 provider
- Client Secret: (leave blank! The value is in the plugin.)
Use the Enabled checkbox at the top of the page to enable or disable the OAuth2 login button.