Student | Rahul Yadav |
---|---|
Github | @rahul-y |
Organisation | InterMine |
Project | Single Sign In |
This project's aim was to make InterMine an OAuth2.0 provider, a common sign-in mechanism for all 30 instances of InterMine. My main task was to develop an InterMine authorization server from scratch and configure it with the current login system of InterMine. This project's requirement was to make use of Spring Security.
I contributed to multiple repositories of InterMine within the 2019 Google Summer of Code period, and my main contribution was towards the InterMine Authorization Server.
My contributions to InterMine repositories are listed below.
Student | Rahul Yadav |
---|---|
Tasks Completed | 08 |
Pull Requests | 07 |
Commits | 166 |
Issues Resolved | 25 |
Blog Posts | 02 |
Documentation | JavaDoc |
- | README |
- | User Guide |
- | Tech Document |
Repositories worked on: InterMine Authorization Server + InterMine
- Pull Request#1: Link
- Commits: Link
- Description: The aim of this task was to create a base for the new InterMine Authorization Server. With this pull request we had a Spring Boot app configured with a PostgreSQL database, and working REST endpoints for the access token and authorization code. Both endpoints were successfully generating the token and code during the OAuth2.0 flow. We also had a proper README file with the installation and working instructions.
- Pull Request#2: Link
- Commits: Link
- Description: With this pull request, we enhanced the security of the IM auth server and added custom encryption algorithms and encoders for our passwords and other sensitive data, so the data became secure and was stored in encrypted form in the database. Also, with these new changes a user was able to register a client with the help of REST endpoints and could also follow the updated instructions from the README file.
- Pull Request#3: Link
- Pull Request#4: Link
- Commits: Link1 Link2
- Description: The aim of this task was to make a dashboard from which a user can log in or register a new account, and can also register a client. With these new changes, we had a dashboard from which a user can create an account or log in to the IM auth server and, after login, can also register a client, which previously was only possible by making requests to the endpoints. A user could also access their client credentials generated by the IM auth server via the dashboard itself.
- Pull Request#5: Link
- Commits: Link
- Description: The aim of this task was to add support for JWT (JSON Web Token) in the IM auth server. With the help of a JWT we can encode our own custom additional details in the token itself. In the IM auth server, the access token in the OAuth2.0 flow is now converted into a JWT, and this token is also used to provide additional information to the client after decoding.
- Pull Request#6: Link
- Commits: Link
- Description: The aim of this task was to find a solution by which a user can manage all their registered clients on the IM auth server. With this pull request, a user can manage all their registered clients via the user dashboard and can also update, reset and delete them. With these new changes, no user can register a client that is already registered with the IM auth server, i.e. custom validation was added to the registration process.
This pull request consists of some major tasks which were the most important and necessary.
- Pull Request#7: Link
- Commits(IM Auth Server): Link
- Commits(InterMine): Link
- Tasks: Migration, New User Interface & Cross-Domain SSO.
- Description: The aim of this task was to find a solution for users who already have an account on mines (InterMine instances). These new changes for the migration feature help a user to merge an old mine account with the new IM account. This task includes changes on both the InterMine Authorization Server and the InterMine webapp. With the help of the migration feature, a user can merge multiple accounts from different mines into one single IM account.
- Description: The aim of this task was to make an interactive user interface for the InterMine authorization server. In this new user interface, both a user and an admin can interact with the auth server very smoothly. The final outputs of this task were a homepage, user dashboard, admin dashboard and contact us page. A user can register and manage registered clients via the user dashboard, and an admin can control everything via the admin dashboard.
- Description: The aim of this task was to add cross-domain SSO functionality for all 30 mines with the common InterMine auth server. This new feature allows a user to log in only once in a browser and be automatically logged in to all other 29 mines, i.e. logged in once, logged in everywhere.
Screenshots: Home Page; User Dashboard; User Registration; Client Registration; Client Management; Merge Pop Up; Authorize Pop Up; Admin Dashboard.
Some of the major challenges along the way:
- Spring Security is a very vast field and there's not much about custom OAuth2.0 implementations. A major challenge was to configure Spring OAuth2.0 for our custom needs, for which I had to do a lot of testing, and it took a lot of time.
- Migration functionality was very important to implement, but for that I had to analyze the internal flow of Spring OAuth2.0 security so that it could be configured with the InterMine webapp. I had a lot of discussion with my mentors on this problem and finally came up with a perfect solution.
- Playing with session cookies is always fun, but when it comes to cross-domain authentication using them, they become a nightmare. I did a lot of investigation on this and failed many times, but after weeks of hard work I succeeded and implemented cross-domain SSO successfully.
- Integration of other 3rd party OAuth providers like Google on the IM auth server.
- UI enhancement.
- Make IM more secure.
I had a meeting with my mentors every week, and we discussed together what had been completed and what to do next. My Weekly Scrum Reports (i.e. every week's work updates) can be found here.
- Community Meetup For Final Presentation
- Recorded live presentation of my project on youtube
- Presentation Slides of my Project
I'd like to thank my mentors Daniela and Arunan, who helped and supported me throughout the journey; it was only because of both of them that I was able to finish my project in such a good way. Special thanks to Daniela. She was very responsive and helpful all along. She was always ready to discuss the problem and helped me find the right solution to it.
Special thanks to InterMine community also for taking me along on this wonderful journey!!!!!