July 26, 2020

Enable Third-Party Authentication (OAuth2) in Open edX


Open edX Platform allows you to integrate third-party authentication with two kinds of authentication providers:

This section describes how to integrate Open edX with two of the most popular OAuth2 providers: Google and Facebook.

Integrate Open edX With Google

Step 1: Register The Open edX Site With Google

  1. Navigate to the Google Developers Console.
  2. Select an existing project or create a new one.
  3. Search and select the “Google+ API” in the Google APIs list and press the “Enable API” button.
  4. Under the “API Manager” sidebar, select “Overview -> Create Credentials”.
  5. Select “OAuth consent screen”, select “External” as the user type, and click “Create”.
  6. Fill the “Application name” field with your application name.
  7. Select “Credentials -> Create Credentials”, and then select “OAuth client ID”.
  8. For Application type, select “Web application”, choose a “Name” for your client ID and leave the “Authorized JavaScript origins” field blank.
  9. Fill the “Authorized redirect URI” field with the value http://SERVER-IP/auth/complete/google-oauth2/. SERVER-IP is a placeholder; replace it with the actual domain of your Open edX server.
  10. Press the “Create” button and note down “Client ID” and the “Client secret”.

Step 2: Configure Open edX

  1. Log in to the server console.
  2. Navigate to the /edx/app/edxapp/ directory if using Open edX native; if using Bitnami Open edX, navigate to the /opt/bitnami/apps/edx/conf directory.
  3. Modify the lms.env.json file and, under FEATURES, set ENABLE_THIRD_PARTY_AUTH and ENABLE_COMBINED_LOGIN_REGISTRATION to True.
  4. Modify the lms.auth.json file and set SOCIAL_AUTH_OAUTH_SECRETS as described below:

NOTE: Remember to replace the CLIENT_SECRET placeholder in the example below with the Client secret you noted down previously.

    "SOCIAL_AUTH_OAUTH_SECRETS": {
        "google-oauth2": "CLIENT_SECRET"
    }

  1. Restart LMS.
  2. Access the Django administration console.
  3. Browse to “Third Party Auth -> Provider Configuration (OAuth2)”.
  4. Select “Add Provider Configuration (OAuth)”.
  5. Mark the “Enabled” and “Visible” checkboxes.
  6. Set “Icon Class” to “fa-google-plus”.
  7. Set “Name” to “Google”.
  8. Set “Backend Name” and “Provider slug” to “google-oauth2”.

IMPORTANT: Remember that both the “Name” and the “Backend Name” fields must match.

  1. Set “Client ID” to the “Client ID” you noted down previously and leave the “Client secret” field blank.
  2. Click the “Save” button.

Integrate Open edX With Facebook

Step 1: Register The Open edX Site With Facebook

  1. Sign in to Facebook, then go to the Facebook for Developers page.

  2. Select “Add a New App -> For Everything Else”.

  3. Enter a name for the app and an email address, and then select “Create New Facebook App ID”.

  4. Browse to “Settings -> Basic”.

  5. Note down the “App ID” and “App Secret”.

  6. Set Display Name.

  7. In the “App Domains” field, enter the actual domain of your Open edX server (for example, localhost).

  8. Select “Add Platform”, and then select “Website”.

  9. Fill the “Site URI” field with the value http://SERVER-IP/. SERVER-IP is a placeholder; replace it with the actual domain of your Open edX server.

  10. Browse to “Products (+) -> Facebook Login -> Settings” and fill the “Valid OAuth Redirect URIs” field with the value http://SERVER-IP/auth/complete/facebook/. SERVER-IP is a placeholder; replace it with the actual domain of your Open edX server.

  11. Click the “Save Changes” button.

Step 2: Configure Open edX

  1. Log in to the server console.
  2. Navigate to the /edx/app/edxapp/ directory if using Open edX native; if using Bitnami Open edX, navigate to the /opt/bitnami/apps/edx/conf directory.
  3. Modify the lms.env.json file and, under FEATURES, set ENABLE_THIRD_PARTY_AUTH and ENABLE_COMBINED_LOGIN_REGISTRATION to True.
  4. Modify the lms.auth.json file and set SOCIAL_AUTH_OAUTH_SECRETS as described below:

NOTE: Remember to replace the CLIENT_SECRET placeholder in the example below with the Client secret you noted down previously.

    "SOCIAL_AUTH_OAUTH_SECRETS": {
        "facebook": "CLIENT_SECRET"
    }

  1. Restart LMS.
  2. Access the Django administration console.
  3. Browse to “Third Party Auth -> Provider Configuration (OAuth2)”.
  4. Select “Add Provider Configuration (OAuth)”.
  5. Mark the “Enabled” and “Visible” checkboxes.
  6. Set “Icon Class” to “fa-facebook”.
  7. Set “Name” to “Facebook”.
  8. Set “Backend Name” and “Provider slug” to “facebook”.

IMPORTANT: Remember that both the “Name” and the “Backend Name” fields must match.

  1. Set “Client ID” to the “Client ID” you noted down previously and leave the “Client secret” field blank.

  2. Enter the following code into “Other settings”.

    {
        "SCOPE": ["email"],
        "PROFILE_EXTRA_PARAMS": {
            "fields": "id, name, email"
        }
    }

  1. Click the “Save” button.
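
A pre-restart check for the two "Configure Open edX" procedures above, added here as an example and not part of Open edX or the original post. It assumes the two files use the key names shown on this page; the `audit`, `redirect_uris` and `demo` names, the file-permission rule and the HTTPS rule are choices of this example.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlparse

BACKENDS = ("google-oauth2", "facebook")  # backend names used on this page
REQUIRED_FEATURES = ("ENABLE_THIRD_PARTY_AUTH", "ENABLE_COMBINED_LOGIN_REGISTRATION")

def audit(env_path, auth_path, site_url, backends=BACKENDS):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    with open(env_path) as fh:
        features = json.load(fh).get("FEATURES", {})
    for flag in REQUIRED_FEATURES:
        if features.get(flag) is not True:
            findings.append(f"FEATURES.{flag} is not true")
    with open(auth_path) as fh:
        secrets = json.load(fh).get("SOCIAL_AUTH_OAUTH_SECRETS", {})
    for backend in backends:
        value = secrets.get(backend, "")
        if not value or value == "CLIENT_SECRET":  # placeholder left in place
            findings.append(f"no real secret set for backend {backend}")
    # Assumption of this example: the secrets file must not be world-accessible.
    if stat.S_IMODE(os.stat(auth_path).st_mode) & 0o007:
        findings.append(f"{auth_path} is accessible to 'other' users")
    # The provider returns the authorization code to this URI, so flag plain HTTP.
    if urlparse(site_url).scheme != "https":
        findings.append("redirect URIs use a non-HTTPS scheme")
    return findings

def redirect_uris(site_url, backends=BACKENDS):
    """Redirect URIs to register with each provider, in the page's format."""
    return [f"{site_url.rstrip('/')}/auth/complete/{b}/" for b in backends]

def demo():
    """Run the audit on constructed sample files (not a real deployment)."""
    d = tempfile.mkdtemp()
    env, auth = os.path.join(d, "lms.env.json"), os.path.join(d, "lms.auth.json")
    with open(env, "w") as fh:
        json.dump({"FEATURES": {"ENABLE_THIRD_PARTY_AUTH": True}}, fh)
    with open(auth, "w") as fh:
        json.dump({"SOCIAL_AUTH_OAUTH_SECRETS": {"google-oauth2": "CLIENT_SECRET"}}, fh)
    os.chmod(auth, 0o644)
    return audit(env, auth, "http://SERVER-IP")

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real server, call `audit()` with the paths to your own lms.env.json and lms.auth.json and the site URL you registered with the providers.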

Notes

When I enabled this, I was using Open edX version ironwood.master and Google Sign-In returned Error 403 because of the deprecated Google+ API. To fix this issue, I needed to upgrade the package versions to social-auth-app-django==3.1.0 and social-auth-core==3.2.0 using the command:

$ sudo /edx/bin/pip.edxapp install social-auth-app-django==3.1.0 social-auth-core==3.2.0
