External authentication service

From Open Food Facts wiki

Project 6: Setup an external authentication service

Description:

Contributors of Open Food Facts have an account. Currently management of those accounts is directly implemented in ProductOpener. The systems lack some capabilities one would expect from a user friendly website or for user management, but it also lacks lots of capabilities for third party applications like OAuth would require.

We would like to change that to rely on an external service. However, as we really care for our user data, the service should be open source and hosted on our infrastructure.

The goal of this project is to have more features for users and app developers, while keeping product opener code less complex (separation of concerns). Also possibly have less maintenance, thanks to a complete product.

Expected outcomes:

  • This service should permit to handle authentication,
  • The mission consists in choosing such a service (eg. authentik, keycloak, ory, etc. ), deploying it (automating deployment), configuring and integrating it and writing documentation.
  • You will also have to give a plan and scripts for users migration.
  • The integration part might be the most challenging part, as it should be transparent to users for simple workflow. First goal is to have authentication done through it and to provide OAuth for app developers.
  • Skills required/preferred: open to any
  • Slack channels: #product-opener
  • Potential mentors: Alex Garel, Johannes A. (hangy)
  • Project duration: 350h
  • Difficulty rating: Medium