July 26, 2020

Enable Third-Party Authentication (OAuth2) Open edX

Open edX Platform allows you to integrate third-party authentication with two kinds of authentication providers:

This section describes how to integrate Open edX with two of the most popular OAuth2 providers: Google and Facebook.

Integrate Open edX With Google

Step 1: Register The Open EdX Site With Google

-) Navigate to the Google Developers Console.

-) Select an existing project or create a new one.

-) Search and select the “Google+ API” in the Google APIs list and press the “Enable API” button.

-) Under “API Manager” sidebar, select “Overview -> Create Credentials”.

-) Select “OAuth consent screen”, for user type select “External” and click “Create”

-) Fill the “Application name” field with the value your application name.

-) Select “Credentials -> Create Credentials”, and then select “OAuth client ID”.

-) For Application type, select “Web application”, choose a “Name” for your client ID and leave the “Authorized JavaScript origins” field blank.

-) Fill the “Authorized redirect URI” field with the value http://SERVER-IP/auth/complete/google-oauth2/. SERVER-IP is a placeholder, please, replace it with the actual domain of your Open edX server.

-) Press the “Create” button and note down “Client ID” and the “Client secret”.

Step 2: Configure Open EdX

-) Log in to the server console.

-) Navigate to the /edx/app/edxapp/ directory If using Bitnami Open edX Navigate to the /opt/bitnami/apps/edx/conf directory. If using Open edX

-) Modify the lms.env.json file and set FEATURES ENABLE_THIRD_PARTY_AUTH and ENABLE_COMBINED_LOGIN_REGISTRATION to True.

-) Modify the lms.auth.json file and set SOCIAL_AUTH_OAUTH_SECRETS as described below:

NOTE: Remember to replace the CLIENT_SECRET placeholder in the example below with the Client secret you noted down previously.

"SOCIAL_AUTH_OAUTH_SECRETS": {
    "google-oauth2": "CLIENT_SECRET"
}

-) Restart LMS.

-) Access the Django administration console.

-) Browse to “Third Party Auth -> Provider Configuration (OAuth2)”.

-) Select “Add Provider Configuration (OAuth)”.

-) Mark “Enabled” and “Visible” checkbox.

-) Set “Icon Class” to “fa-google-plus”.

-) Set “Name” to “Google”.

-) Set “Backend Name” and “Provider slug” to “google-oauth2”.

IMPORTANT: Remember that both the “Name” and the “Backend Name” fields must match.

-) Set “Client ID” to the “Client ID” you noted down previosuly and leave the “Client secret” field blank.

-) Click the “Save” button.

Integrate Open edX With Facebook

Step 1: Register The Open EdX Site With Google

-) Sign in to Facebook, then go to the Facebook for Developers page.

-) Select “Add a New App -> For Everything Else”.

-) Enter a name for the app and mail address, and then select “Create New Facebook App ID”.

-) Browse to “Settings -> Basic”.

-) Note down the “App ID” and “App Secret”.

-) Set Display Name.

-) In the “App Domains” field, enter the actual domain of your Open edX server (for example, localhost).

-) Select “Add Platform”, and then select “Website”.

-) Fill the “Site URI” field with the value http://SERVER-IP/. SERVER-IP is a placeholder, please, replace it with the actual domain of your Open edX server.

-> Browse to “Products (+) -> Facebook Login -> Settings”, fill the “Valid OAuth Redirect URIs”field with the value http://SERVER-IP/auth/complete/facebook/. SERVER-IP is a placeholder, please, replace it with the actual domain of your Open edX server.

-) Click “Save Changes” button.

Step 2: Configure Open EdX

-) Log in to the server console.

-) Navigate to the /opt/bitnami/apps/edx/conf directory.

-) Modify the lms.env.json file set FEATURES ENABLE_THIRD_PARTY_AUTH and ENABLE_COMBINED_LOGIN_REGISTRATION to True.

-) Modify the lms.auth.json file and set SOCIAL_AUTH_OAUTH_SECRETS as described below:

NOTE: Remember to replace the CLIENT_SECRET placeholder in the example below with the Client secret you noted down previously.

    "SOCIAL_AUTH_OAUTH_SECRETS": {
        "facebook": "CLIENT_SECRET"
    }

-) Restart LMS.

-) Access the Django administration console.

-) Browse to “Third Party Auth -> Provider Configuration (OAuth2)”.

-) Select “Add Provider Configuration (OAuth)”.

-) Mark “Enabled” and “Visible” checkbox.

-) Set “Icon Class” to “fa-facebook”.

-) Set “Name” to “Facebook”.

-) Set “Backend Name” and “Provider slug” to “facebook”.

IMPORTANT: Remember that both the “Name” and the “Backend Name” fields must match.

-) Set “Client ID” to the “Client ID” you noted down previously and leave the “Client secret” field blank.

-) Click the “Save” button.

Notes

When I enable this, I use Open edX version ironwood.master and Google Sign In Error 403 because deprecated Google+ API. For fix this issue, need upgrade the package versions to social-auth-app-django==3.1.0 and social-auth-core==3.2.0 using command:

$ sudo /edx/bin/pip.edxapp install social-auth-app-django==3.1.0 social-auth-core==3.2.0

References