@rahul-y
Last active August 24, 2019 08:44
Final report of the InterMine Single-Sign In project of GSoc 2019

Google Summer of Code 2019 Final Project Report

Student: Rahul Yadav
Github: @rahul-y
Organisation: InterMine
Project: Single Sign In

Aim

This project's aim was to make InterMine an OAuth2.0 provider: a common sign-in mechanism for all 30 instances of InterMine. My main task was to develop an InterMine authorization server from scratch and integrate it with InterMine's current login system. The project required the use of Spring Security.

I contributed to multiple repositories of InterMine within the 2019 Google Summer of Code period and my main contribution was towards the InterMine Authorization Server.

My contributions to InterMine repositories are listed below.

Student: Rahul Yadav
Tasks Completed: 08
Pull Requests: 07
Commits: 166
Issues Resolved: 25
Blog Posts: 02
Documentation: JavaDoc, README, User Guide, Tech Document

Repositories worked on: InterMine Authorization Server + InterMine

Task#1 : IM Auth Server Base App

  • Pull Request#1: Link
  • Commits: Link
  • Description: The aim of this task was to create the base of the new InterMine Authorization Server. With this pull request we had a Spring Boot app configured with a PostgreSQL database and working REST endpoints for the access token and the authorization code; both endpoints successfully generated their token and code during the OAuth2.0 flow. We also had a proper README file with installation and usage instructions.

Task#2 : Enhance security and Dynamic Client registration

  • Pull Request#2: Link
  • Commits: Link
  • Description: With this pull request we enhanced the security of the IM auth server by adding custom encryption algorithms and encoders for passwords and other sensitive data, so that this data is stored in encrypted form in the database. These changes also let a user register a client through the REST endpoints, following the updated instructions in the README file.

Task#3 : Custom User & Client registration via dashboard

  • Pull Request#3: Link
  • Pull Request#4: Link
  • Commits: Link1 Link2
  • Description: The aim of this task was to build a dashboard from which a user can log in or register a new account, and also register a client. With these changes, a user can create an account or log in to the IM auth server from the dashboard and, after logging in, register a client, which previously was only possible by making requests to the endpoints. A user can also view the client credentials generated by the IM auth server from the dashboard itself.

Task#4 : Custom JWT access token authorization

  • Pull Request#5: Link
  • Commits: Link
  • Description: The aim of this task was to add JWT (JSON Web Token) support to the IM auth server. A JWT lets us encode our own custom details in the token itself. The access token issued in the IM auth server's OAuth2.0 flow is now a JWT, and the client obtains the additional information by decoding it.
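As an added illustration, not code from the InterMine Authorization Server, this is the Spring Security OAuth2 pattern behind the task above: a TokenEnhancer that places extra claims in the access token, chained in front of the JwtAccessTokenConverter that signs it. It assumes the legacy spring-security-oauth2 module; the claim names and the signing-key source are placeholders.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

// Adds custom claims to every access token before it is serialised as a JWT.
class ImTokenEnhancer implements TokenEnhancer {
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken token, OAuth2Authentication auth) {
        Map<String, Object> extra = new HashMap<>();
        // Claim names are hypothetical. A JWT is signed, not encrypted, so anything
        // added here is readable by whoever holds the token: only add data the
        // client is entitled to see.
        extra.put("im_user", auth.getName());
        extra.put("im_client", auth.getOAuth2Request().getClientId());
        ((DefaultOAuth2AccessToken) token).setAdditionalInformation(extra);
        return token;
    }
}

@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    private JwtAccessTokenConverter jwtConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Placeholder: load the key from protected configuration, never hard-code it.
        converter.setSigningKey(System.getenv("IM_JWT_SIGNING_KEY"));
        return converter;
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        JwtAccessTokenConverter jwt = jwtConverter();
        // Order matters: the custom enhancer runs first, then the converter signs the result.
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(new ImTokenEnhancer(), jwt));
        endpoints.tokenStore(new JwtTokenStore(jwt))
                 .tokenEnhancer(chain)
                 .accessTokenConverter(jwt);
    }
}
```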

Task#5 : Client management solution

  • Pull Request#6: Link
  • Commits: Link
  • Description: The aim of this task was to find a solution that lets a user manage all the clients they have registered on the IM auth server. With this pull request, a user can manage all their registered clients from the user dashboard and update, reset, and delete them. Custom validation was also added to the registration process, so that no user can register a client that is already registered with the IM auth server.

Special Pull Request- Final Merge!!

This pull request consists of some major tasks which were the most important and necessary ones.

  • Pull Request#7: Link
  • Commits(IM Auth Server): Link
  • Commits(InterMine): Link
  • Tasks: Migration, New User Interface & Cross-Domain SSO.

Sub-Task#1 : Migration Process

  • Description: The aim of this task was to find a solution for users who already have an account on a mine (an InterMine instance). The migration feature helps a user merge an old mine account with the new IM account. This task included changes to both the InterMine Authorization Server and the InterMine webapp. With the migration feature a user can merge multiple accounts on different mines into one single IM account.

Sub-Task#2 : New User Interface

  • Description: The aim of this task was to build an interactive user interface for the InterMine Authorization Server, through which both users and admins can interact smoothly with the auth server. The final outputs of this task were a homepage, a user dashboard, an admin dashboard, and a contact-us page. A user can register and manage registered clients via the user dashboard, and the admin can control everything via the admin dashboard.

Sub-Task#3 : Cross-Domain SSO(Single Sign On)

  • Description: The aim of this task was to add cross-domain SSO for all 30 mines through the common InterMine auth server. This feature lets a user log in only once in a browser and be logged in automatically to all the other 29 mines, i.e. logged in once, logged in everywhere.

Documentation

Screenshots

Screenshots included in the original report (images not reproduced here):
  • Home Page
  • User Dashboard
  • User Registration
  • Client Registration
  • Client Management
  • Merge Pop Up
  • Authorize Pop Up
  • Admin Dashboard

Challenges

Some of the major challenges along the way:

  • Spring Security is a very vast field and there's not much about custom OAuth2.0 implementation. A major challenge was to configure Spring OAuth2.0 for our custom needs, for which I had to do a lot of testing, and it took a lot of time.
  • Migration functionality was very important to implement, but for that I had to analyze the internal flow of Spring OAuth2.0 security so that it could be configured with the InterMine webapp. I had a lot of discussion with my mentors on this problem and finally came up with a perfect solution.
  • Playing with session cookies is always fun, but when it comes to cross-domain authentication using them they become a nightmare. I did a lot of investigation on this and failed many times, but after weeks of hard work I succeeded and implemented cross-domain SSO successfully.

Future Work

  • Integration of other third-party OAuth providers like Google into the IM auth server.
  • UI enhancement.
  • Make IM more secure.

Blog Posts

Interview with InterMine

Scrums

I always had a meeting with my mentors every week, and we discussed together what had been completed and what to do next. My weekly scrum reports (i.e. every week's work updates) can be found here.

Social

Acknowledgement

I'd like to thank my mentors Daniela and Arunan, who helped and supported me throughout the journey; it was only because of both of them that I was able to finish my project in such a good way. Special thanks to Daniela. She was very responsive and helpful all along. She was always ready to discuss the problem and helped me find the right solution to it.

Special thanks to the InterMine community also for taking me along on this wonderful journey!!!!!
