Enabling OAuth2 login

Some settings use both plugins and the settings in the Django admin panel.

Create OAuth Project

First, create a Google API and Service project

  1. Go to the APIs and Services page: https://console.cloud.google.com/apis
  2. OAuth consent screen -> Create a project
  3. User type: Internal (limit it to our university Google accounts)
    • Can use external if you want to open it up to @gmail.com addresses
  4. Add credentials
    • Create credentials -> OAuth Client ID -> Web application

Additional documentation: https://developers.google.com/identity/sign-in/web/reference#gapiauth2clientconfig

Third-party Auth Plugin

Next, create the plugin using the client secret from the OAuth provider.

nano $(tutor plugins printroot)/third-party-auth.yml

Plugin contents:

name: third-party-auth
version: 1.0.0
  common-env-features: |
  openedx-auth: |
    "SOCIAL_AUTH_OAUTH_SECRETS": {"google-oauth2": "client-secret-from-google"}
  lms-env: |
    "THIRD_PARTY_AUTH_BACKENDS": ["social_core.backends.google.GoogleOAuth2"]

Configure OAuth Provider in Django

Lastly, go to “Provider Configuration (OAuth)” in your Django admin panel:

  1. Login at https://edx.example.com/admin
  2. Navigate to Home › Third-party authentication › Provider Configuration (OAuth)
    • The direct URL: https://edx.example.com/admin/third_party_auth/oauth2providerconfig/
  3. Click ADD PROVIDER CONFIGURATION (OAUTH) to add your provider.

Configure the provider based on your needs. We use these settings:

  • Icon class: fa-google
  • Skip registration form
  • Skip email verification
  • Send welcome email
  • Visible
  • Backend name: google-oauth2
  • Client ID: Enter client ID from the OAuth2 provider
  • Client Secret: (leave blank! The value is in the plugin.)

Use the Enabled checkbox at the top of the page to enable or disable the OAuth2 login button.