Hi,
We are in the process of migrating our LMS to OpenEdx, which seems to be a great option for us. The LMS is just one part of our platform. We are trying to make the auth flow seamless for the users.
The problem statement is: we want the users to be authenticated when they come to OpenEdx from our platform (only if the user is already logged in on our platform).
[Diagram: Sample flow]
The above diagram shows our sample architecture.
Note:
- All of these will be on the same domain (different sub-domains).
- Platform X and Y use the same database, but OpenEdx will use a separate database.
After going through the SSO features that OpenEdx provides, I was not able to come up with a solution that would solve my problem (I agree this might be a particular case).
If I am missing something here, please share the particular resource.
Possible solution I came up with
Share cookies across our domain (`SESSION_COOKIE_DOMAIN = "example.com"`) and add a Django middleware that performs the following functions:
- Checks if the user is authenticated (`request.user.is_authenticated`). If authenticated, does nothing.
- If not authenticated, makes a request to platform X (a private API/URL which can be used to exchange some basic user info) which passes the session along with the request. If we receive the user info, then `get_or_create(**user_info)` and log in the user.
Here’s the pseudocode of the middleware:
```python
from typing import Any

import requests
from django.conf import settings
from django.contrib.auth import get_user_model, login

User = get_user_model()


class CustomAuthMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request, *args: Any, **kwds: Any) -> Any:
        if not request.user.is_authenticated:
            # Forward the shared-domain session to platform X's private endpoint
            # together with the server-to-server bearer token.
            # get_request_session_headers / create_user / redirect_to_platform_x_login
            # are the helpers named in the post; PLATFORM_X_API_TOKEN is a placeholder
            # setting standing in for the literal "Bearer Token" above.
            headers = {
                **get_request_session_headers(request),
                "Authorization": f"Bearer {settings.PLATFORM_X_API_TOKEN}",
            }
            resp = requests.get(
                "https://example.com/private-api/get-user", headers=headers, timeout=5
            )
            user_info = resp.json() if resp.ok else None
            if user_info:
                # OpenEdx has its own database, so email is the only join key.
                # filter().first() returns None instead of raising DoesNotExist.
                user = User.objects.filter(email=user_info["email"]).first()
                if user is None:
                    user = create_user(user_info)
                login(request, user)
            else:
                return redirect_to_platform_x_login()
        return self.get_response(request)
```
If you guys see any kind of flaws in this case, please do share them.
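The session exchange the post describes, as an added example that is not the author's code or part of Open edX: both sides of the private API call are modelled in plain Python with in-memory dicts standing in for platform X's session store, its user table and OpenEdx's `User` model, so it runs offline. The sample sessions and users, the shared bearer secret, the `email_verified` field and the `bridge_login` name are all constructed here; the page only says that basic user info is exchanged. The example adds the checks a reviewer would ask for at each step: constant-time comparison of the bearer token, rejection of expired sessions, normalisation of the email before it is used as the join key, and refusal to link a local account on an address platform X has not verified.

```python
import hmac
import time
from typing import Optional, Tuple

# Constructed stand-ins for platform X's session store and user table (in the
# real deployment these live in the database shared by platforms X and Y).
PLATFORM_X_SESSIONS = {
    "sess_alice": {"user_id": 1, "expires": 2_000_000_000.0},
    "sess_bob_expired": {"user_id": 2, "expires": 1_000_000_000.0},
    "sess_mallory": {"user_id": 3, "expires": 2_000_000_000.0},
}
PLATFORM_X_USERS = {
    1: {"email": "Alice@Example.com", "name": "Alice", "email_verified": True},
    2: {"email": "bob@example.com", "name": "Bob", "email_verified": True},
    3: {"email": "mallory@example.com", "name": "Mallory", "email_verified": False},
}
# Hypothetical server-to-server secret; in practice loaded from settings.
PRIVATE_API_TOKEN = "hypothetical-shared-secret"


def platform_x_get_user(session_id: Optional[str], bearer: Optional[str],
                        now: float) -> Optional[dict]:
    """Platform X side of /private-api/get-user.

    Requires the server-to-server bearer token (compared in constant time) and a
    live session; returns only the fields OpenEdx needs, never the session itself.
    """
    if bearer is None or not hmac.compare_digest(
            bearer.encode(), PRIVATE_API_TOKEN.encode()):
        return None
    session = PLATFORM_X_SESSIONS.get(session_id or "")
    if session is None or session["expires"] <= now:
        return None
    user = PLATFORM_X_USERS[session["user_id"]]
    return {"email": user["email"], "name": user["name"],
            "email_verified": user["email_verified"]}


# OpenEdx side: a dict standing in for User.objects, keyed by normalised email.
OPENEDX_USERS: dict = {}


def get_or_create_local_user(user_info: Optional[dict]) -> Tuple[Optional[dict], bool]:
    """Mirror of Django's get_or_create over the exchanged user info.

    Email is the only join key between the two databases, so the link is refused
    unless platform X reports the address as verified, and the address is
    normalised so 'Alice@Example.com' and 'alice@example.com' map to one account.
    """
    if not user_info or not user_info.get("email_verified"):
        return None, False
    email = user_info["email"].strip().lower()
    user = OPENEDX_USERS.get(email)
    if user is not None:
        return user, False
    user = {"email": email, "name": user_info.get("name", "")}
    OPENEDX_USERS[email] = user
    return user, True


def bridge_login(session_id: Optional[str], bearer: Optional[str],
                 now: Optional[float] = None) -> Optional[dict]:
    """What the middleware does for an unauthenticated request: exchange the
    forwarded session for user info, then resolve it to a local user. None means
    the middleware would fall through to the platform X login redirect."""
    now = time.time() if now is None else now
    user, _created = get_or_create_local_user(
        platform_x_get_user(session_id, bearer, now))
    return user
```

In the real middleware `platform_x_get_user` is the HTTP call and `get_or_create_local_user` wraps `User.objects.get_or_create`; the checks stay the same. Note that a wrong bearer token, an expired session, a missing cookie and an unverified address all resolve to `None` the same way, so the caller cannot tell them apart and simply redirects to login.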