GSOC 2022 - External Authentication Service
Summary
Move user authentication in a new project, using existing free software, providing modern authentication and identity services.
Description
Contributors of Open Food Facts have an account. Currently management of those accounts is directly implemented in ProductOpener. The systems lack some capabilities one would expect from a user friendly website or for user management, but it also lacks lots of capabilities for third party applications like OAuth would require.
Status: Selected for GSOC 2022, Planning
People:
- Landon Pattison (GSOC intern)
- User:Charlesnepote User:Alex-off (mentors)
Impact (why)
The goal of this project is to have more features for users and app developers, while keeping product opener code less complex (separation of concerns). Also possibly have less maintenance, thanks to a complete product.
Expected outcomes (what)
- This service should permit to handle authentication,
- We would like to change that to rely on an external service. However, as we really care for our user data, the service should be open source and hosted on our infrastructure.
- The mission consists in choosing such a service (eg. authentik, keycloak, ory, etc. ), deploying it (automating deployment), configuring and integrating it and writing documentation.
- You will also have to give a plan and scripts for users migration.
- The integration part might be the most challenging part, as it should be transparent to users for simple workflow. First goal is to have authentication done through it and to provide OAuth for app developers.
Timeline
- To be discussed
Resources / Contributing
- meeting minutes : https://docs.google.com/document/d/14HD_14qkBTK7MIV4BoWrK7WcRqjTtOeiyNk19bmGNG0/edit
- Initial proposal: https://summerofcode.withgoogle.com/media/user/df845b4d8ea2/proposal/WKWLQuV1MfIuuO25.pdf
Archives
- Previous attempt to integrate ORY Hydra in Product Opener by @hangy: https://github.com/openfoodfacts/openfoodfacts-server/pull/1714