I am integrating OpenEdX with my Laravel application, and I want to redirect a logged-in user from my app to the OpenEdX platform without requiring them to log in again.
My Current Setup:
My app authenticates users with email and password.
I can obtain a token using client_id and client_secret.
I want to redirect the user to the OpenEdX app (mobile or web) already authenticated.
Possible Approaches I’m Considering:
Using JWT authentication:
Generate a JWT in Laravel and send it as a query parameter to OpenEdX.
OpenEdX validates the JWT and logs in the user.
Using OAuth2 authentication:
Redirect the user to OpenEdX’s OAuth2 login endpoint with client_id.
Obtain an access token and authenticate the user automatically.
My Questions:
Does OpenEdX support JWT-based login via URL?
What is the best way to achieve seamless authentication between my app and OpenEdX?
If OAuth2 is the best approach, how can I handle the redirection properly?
@douglasbbs, regarding the seamless OAuth2 experience, you can use one of the following approaches:
The /auth/idp_redirect/<slug:provider_slug> view.
This way, you can redirect users from your Laravel application to Open edX by crafting the URLs like https://your.site/auth/idp_redirect/oa-laravel?next=/courses/course-v1:edX%2BDemoX%2BDemo_Course/course. The learners will be automatically redirected to your SSO page and then redirected to the value provided in the next query param.
The downside of this approach is that accessing the Open edX instance directly through the URL will require them to go to the sign-in page if they get logged out (i.e., going directly to a “regular” Open edX URL will not automatically redirect them to the page with OAuth2).
If you want to use only the SSO auth, you can consider using the Hinted Sign In functionality. To avoid manually adding the tpa_hint to every request, you can specify it directly in settings.FEATURES or SiteConfigurations.
Combining this approach with the previous one will simplify the process for unauthenticated users who access the Open edX directly from the URL - in this case, they will be redirected to your SSO once they press the “Sign In” button. Otherwise, they would need to manually choose the SSO provider on the login page.
If you’d like to have an entirely seamless authentication experience, you can consider using a middleware like the one provided in this plugin that redirects all unauthenticated users to a pre-defined SSO. However, please note that this solution is seamless only for the “legacy” Open edX pages, as it does not support the redirections from MFEs. For the MFEs, you would likely need to implement a custom header component or use a plugin slot to inject some code that would handle the redirections.
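An added example for the first approach above (not part of the original reply and not Open edX code): building the idp_redirect URL so that the `+` in a course key is sent as `%2B`, while refusing `next` targets that are not same-site paths. The host and provider slug are the placeholders from the reply's URL; the function names are hypothetical, and the same logic would live on the Laravel side.

```python
from urllib.parse import quote, urlsplit

LMS_BASE = "https://your.site"  # placeholder host from the reply's URL
PROVIDER_SLUG = "oa-laravel"    # provider slug from the reply's URL


def is_safe_next(path: str) -> bool:
    """Accept only same-site absolute paths for the `next` parameter."""
    if not path.startswith("/") or path.startswith("//"):
        return False  # relative path, or scheme-relative //host/...
    if "\\" in path or any(ord(c) < 0x20 for c in path):
        return False  # backslashes and control characters confuse URL parsers
    parts = urlsplit(path)
    return not parts.scheme and not parts.netloc


def idp_redirect_url(next_path: str, base: str = LMS_BASE,
                     slug: str = PROVIDER_SLUG) -> str:
    """Build the SSO entry URL that sends the learner on to next_path."""
    if not is_safe_next(next_path):
        raise ValueError(f"refusing off-site or malformed next: {next_path!r}")
    # '+' must become %2B, otherwise the query parser decodes it as a space
    # and the course key no longer matches.
    encoded = quote(next_path, safe="/:")
    return f"{base}/auth/idp_redirect/{quote(slug, safe='')}?next={encoded}"
```
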
I’m integrating OpenEdX with my Laravel application and trying to set up seamless authentication, but I’m facing some issues and I’d appreciate some guidance. I’m using this project GitHub - open-craft/edx-oauth-client to create mine.
My Goal:
I want to redirect a logged-in user from my Laravel app to the OpenEdX platform without requiring them to log in again.
Current Setup:
My Laravel app authenticates users with email and password.
I can obtain an access token using client_id and client_secret.
I want the user to access OpenEdx web already authenticated.
What I’ve Tried:
I tried to create a custom plugin in OpenEdX using from social_core.backends.oauth import BaseOAuth2, following the documentation. However, my module isn’t being recognized after installation.
Despite these settings, the backend isn’t recognized, and I’m unsure what I’m missing.
ModuleNotFoundError: No module named 'laravel_oauth2'
Questions:
How can I properly register my custom OAuth2 backend so that OpenEdX recognizes it?
I noticed the Sumac backend IdentityServer3 in the OpenEdX code. Would this solve my case without requiring custom development? If so, how can I configure it?
I want to avoid using SAML because I need to work with templates.
Would LTI solve my problem? How does it relate to SSO in OpenEdX?
The OpenEdX documentation seems outdated — are there any reliable resources or example implementations I could consult?
I feel your pain, particularly with the docs being misleading. I am working on the assumption that I can subclass BaseOAuth2 in a plugin but I have no idea how to reference the plugin from a setting, so that LMS can find it.
I don’t really know what setting I can use either. The docs and discussions say both AUTHENTICATION_BACKENDS and THIRD_PARTY_AUTH_BACKENDS, with no information on how to set them, where to set them and what the format should be.
Currently my plugin file looks like this:
from tutor import hooks
from social_core.backends.oauth import BaseOAuth2

class OCSOAuth2(BaseOAuth2):
    """LCO OCS OAuth authentication backend"""
    name = 'lco-ocs'
    AUTHORIZATION_URL = 'https://<my_provider>/o/authorize/'
    ACCESS_TOKEN_URL = 'https://<my_provider>/api/api-token-auth/'
    ACCESS_TOKEN_METHOD = 'POST'

hooks.Filters.ENV_PATCHES.add_items(
    [
        # Stop email activation because emails are not working
        (
            "openedx-common-settings",
            "FEATURES['ENABLE_THIRD_PARTY_AUTH'] = True"
        )
    ]
)
hooks.Filters.CONFIG_DEFAULTS.add_items(
    [
        ("THIRD_PARTY_AUTH_BACKENDS",
         "social_core.backends.oauth.BaseOAuth2"
        )
    ]
)
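An added diagnostic for the two posts above (not from either poster and not Open edX code): Django resolves each AUTHENTICATION_BACKENDS entry as a dotted import path, so the ModuleNotFoundError means the package is not importable by the interpreter that runs the LMS. The sketch assumes THIRD_PARTY_AUTH_BACKENDS entries use the same dotted-path form; the `backend` submodule, the `LaravelOAuth2` class and the sample module are constructed for illustration.

```python
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed stand-in module. A real backend would subclass
# social_core.backends.oauth.BaseOAuth2, as in the plugin file above.
SAMPLE_MODULE = 'class LaravelOAuth2:\n    name = "laravel-oauth2"\n'
BACKEND_PATH = "laravel_oauth2.backend.LaravelOAuth2"  # hypothetical path


def check_backend_path(dotted_path: str) -> str:
    """Return 'ok', or the reason this backend path cannot be loaded."""
    module_path, _, class_name = dotted_path.rpartition(".")
    if not module_path:
        return "expected 'package.module.ClassName'"
    try:
        module = importlib.import_module(module_path)
    except ModuleNotFoundError as exc:
        # exc.name is the missing module: the backend package itself,
        # or a dependency it imports.
        return f"module not importable: {exc.name}"
    backend = getattr(module, class_name, None)
    if not isinstance(backend, type):
        return f"no class {class_name} in {module_path}"
    if not getattr(backend, "name", ""):
        return f"{class_name} has no backend name"
    return "ok"


def demo() -> dict:
    """Check the path before and after the package is on sys.path."""
    results = {"before": check_backend_path(BACKEND_PATH)}
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "laravel_oauth2"
        pkg.mkdir()
        (pkg / "__init__.py").write_text("")
        (pkg / "backend.py").write_text(SAMPLE_MODULE)
        sys.path.insert(0, tmp)
        importlib.invalidate_caches()
        try:
            results["after"] = check_backend_path(BACKEND_PATH)
            results["typo"] = check_backend_path("laravel_oauth2.backend.Missing")
        finally:
            sys.path.remove(tmp)
            for mod in [m for m in sys.modules if m.startswith("laravel_oauth2")]:
                del sys.modules[mod]
    return results
```

Running `check_backend_path` with the same Python interpreter the LMS uses shows whether the configured path would resolve there, which is the condition the setting depends on.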
Just a friendly note that the docs are open source! If you find docs that are out of date please submit a pull request to update them, so others can benefit from your experience!
I would happily do that, if I knew what the solution was. OpenEdx has a release cycle of 6 months, which has left the docs out of date. The people who are making the releases need to provide updated docs. Otherwise people like myself will be left completely adrift.