I spawned an instance of this AMI:
aws-marketplace/tutor-v15.0.0-dc91f585-6f99-4dff-930d-db0b139892a8
To test out OpenEDX as a corporate training system for our staff. Really love how fast and easy it was to get it up and running.
But.
We use Google Workspace, so I want to enable OAuth2 for our staff, so they don't need to create “yet another” user ID for the training system.
I found what I thought were the correct instructions.
The first part, to set up OAuth2 credentials in our Workspace account, went well. But when it says to edit the file lms.yml I ran into a problem: where is this file?
Elsewhere I learned to use this command to locate the config folder: `tutor config printroot`
Which gave me: /home/tutor/.local/share/tutor
I found what (by contents) looks like the file, but with a different name: ~/.local/share/tutor/env/apps/openedx/config/lms.env.yml
The next step is to ENABLE ENABLE_THIRD_PARTY_AUTH. But it is already enabled.
The next step is to edit the THIRD_PARTY_AUTH_BACKENDS list, if present. It is not, but the other variables mentioned are not present either.
The next step would be to add the Google secret. I stopped and aborted at this point to come here and verify I am doing this right.
It makes me profoundly nervous when what I see differs too much from what the guide predicted.
You can find and add new plugins at `tutor plugins printroot`. You can also see all the enabled plugins by using the command `tutor plugins list`.
Since ENABLE_THIRD_PARTY_AUTH is already enabled, you don’t have to do anything on that. The next thing you are asked to do in the documentation which you have mentioned is to add the Google OAuth Client secret into the lms.env.yml file. Once you add that, all you have to do is add the Provider Configuration as you mentioned above. Please note that the client_id you provide at **LMS URI/admin/third_party_auth/oauth2providerconfig/** should be the one that matches the client_secret you have provided in the lms.env.yml file.
To create a plugin, do the following:
Go to the tutor plugins directory using `cd $(tutor plugins printroot)`
If it doesn’t exist, create a folder named tutor-plugins in the same place where your tutor folder is.
Then create a yml file as a plugin (e.g. `nano oauthconfig.yml`)
Paste the code below into the file by substituting the client_secret
Enable the plugin, save your config file and relaunch your openedx
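As an added example (not the code from the post above, which is not reproduced on this page), a Tutor YAML plugin for the steps described could look like the following. The plugin name `oauthconfig` follows the file name suggested above, the secret is a placeholder, and the commands in the comments assume a `tutor local` deployment.

```yaml
# oauthconfig.yml, created in the directory printed by `tutor plugins printroot`.
# Added example; the secret value below is a placeholder, not a real credential.
name: oauthconfig
version: 0.1.0
patches:
  # The "lms-env" patch is rendered into
  # env/apps/openedx/config/lms.env.yml each time the config is saved,
  # so the setting survives `tutor config save` (hand edits to that file do not).
  lms-env: |
    SOCIAL_AUTH_OAUTH_SECRETS:
      google-oauth2: "REPLACE_WITH_GOOGLE_CLIENT_SECRET"

# This file holds the client secret in plaintext: restrict it to the tutor
# user and keep it out of version control.
#   chmod 600 oauthconfig.yml
#
# Enable the plugin, regenerate the environment and relaunch:
#   tutor plugins enable oauthconfig
#   tutor config save
#   tutor local launch
#
# Check that the setting was rendered (prints the key and the line after it):
#   grep -A1 SOCIAL_AUTH_OAUTH_SECRETS \
#     "$(tutor config printroot)/env/apps/openedx/config/lms.env.yml"
#
# The client_id entered at LMS URI/admin/third_party_auth/oauth2providerconfig/
# must belong to the same Google OAuth client as this secret.
```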
Thanks! Good to know I was heading down the right rabbit hole.
I saw older docs talking about making a plugin shell for the secret. The docs I’m following, which I think are for the latest version (15), are different.
The section "Add the Provider Configuration" had me put that same info into a db. They also mention you can put the secret here as well, instead of the yml file. Which I did because at that time I was not certain I had found the right yml file. I see in your post you refer to it by the name I found, so I assume I did find the right one.
I’m starting to wonder if I have a problem with my domain. My test is for a client on domain A, but I am using my company DNS (domain B) - not the same root domain as my client. I am suspicious Google is balking at that.
So I plan to redo the DNS on the client's domain, see if it likes that.
Unless you can tell me I still have a configuration problem?