Configure Third Party Authentication
Open edX has specific instructions for Google and Facebook. For more information about how to set up one or more of these integrations, see Common OAuth2 Providers.
Common OAuth2 Providers
Integrating with the most common OAuth2 IdPs has several steps.
Register the Open edX instance with the provider.
Configure Open edX.
Add the provider configuration.
Register the Open edX Instance
The most common OAuth2 providers are Google and Facebook.
Register the Open edX Instance with Google
Register the Open edX Instance with Facebook
Register the Open edX Instance with Google
The following instructions describe how to configure Google as a third party authentication provider so that users can use Google accounts (which includes Google Apps accounts) to sign in. These are based on the official Google instructions.
Obtain credentials to access the Google API. To do this, follow the official Google instructions to go to the Google Developers Console (https://console.developers.google.com/project/_/apiui/apis/library), create a new project, and enable the Google+ API service.
In the Google Developers Console, select API Manager, and then select OAuth Consent Screen.
For Product name shown to users enter the name of your Open edX instance (for example, “Example Academy Online”).
Select Save.
Select the Credentials tab, select Create credentials, and then select OAuth client ID.
For Application type, select Web application.
Leave the Authorized JavaScript origins field blank.
For Authorized redirect URIs, enter <Open edX instance domain>/auth/complete/google-oauth2/. For example, for devstack, enter http://localhost:8000/auth/complete/google-oauth2/.
Select Create to finish creating the credentials.
After you obtain the credentials, note the client ID and the client secret.
Register the Open edX Instance with Facebook
To create the app in the Facebook developer portal, follow these steps.
Sign in to Facebook, then go to the Facebook for Developers (https://developers.facebook.com/apps/?action=create) page.
Select Add a New App, and then select Website.
Enter a name for the app, and then select Create New Facebook App ID.
Enter your information in the rest of the fields in the app creation process.
Under Quick Start for Website, select Skip Quick Start.
You are now at the developer console page for the new Facebook app.
Select Settings, and note the App ID and App Secret.
On the Settings page, select Add Platform, and then select Website.
For Site URL, enter the URL of your Open edX instance (for example, http://localhost:8000/ for devstack).
In the App Domains field, enter the domain name from this URL (for example, localhost).
In the Privacy Policy URL field, enter the URL for the privacy policy (for example, http://localhost:8000/privacy).
Select Save Changes.
Under Products -> Facebook Login -> Settings -> Authorized redirect URIs, enter <Open edX instance domain>/auth/complete/facebook/. For example, for devstack, enter http://localhost:8000/auth/complete/facebook/.
Select Save Changes.
Switch the mode from Development to Live.
Configure Open edX
Configuring Open edX is very similar for Google and Facebook.
In the lms.yml file, change the value of FEATURES > ENABLE_THIRD_PARTY_AUTH to true (it is false by default).
If necessary, make sure that the correct backend is specified.
If you are using Google or Facebook, open the lms.yml file and look for the THIRD_PARTY_AUTH_BACKENDS list. By default, the file does not contain this list.
If the lms.yml file does not contain the THIRD_PARTY_AUTH_BACKENDS list, you do not have to complete any additional steps.
If the lms.yml file contains the THIRD_PARTY_AUTH_BACKENDS list, add the backend for the applicable IdP to the list.
For Google, add "social_core.backends.google.GoogleOAuth2".
For Facebook, add "social_core.backends.facebook.FacebookOAuth2".
If you are using a custom backend, add the applicable OAuth2 provider to the THIRD_PARTY_AUTH_BACKENDS list in the lms.yml file. If the file does not contain the THIRD_PARTY_AUTH_BACKENDS list, create the list, and then add the OAuth2 provider.
In the lms.yml file, add the client secret. To do this, create the SOCIAL_AUTH_OAUTH_SECRETS key if the key does not already exist, and then add the appropriate value for your IdP.
For Google, add the following value.
SOCIAL_AUTH_OAUTH_SECRETS: { "google-oauth2": "abcdef123456789101112131" }
For Facebook, add the following value.
SOCIAL_AUTH_OAUTH_SECRETS: { "facebook": "98765432181bbe3a2596efa8ba7abcde" }
Restart the LMS server so that it will use the new settings.
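The checks below are an added example, not part of the Open edX documentation or code base: they apply the steps above to an already parsed lms.yml mapping and build the redirect URI that was registered with the IdP. The function names, the sample mapping and the HTTPS check for non-local hosts are assumptions added here.

```python
from urllib.parse import urlsplit

# Backend name -> backend class, as listed in the steps above.
BACKENDS = {
    "google-oauth2": "social_core.backends.google.GoogleOAuth2",
    "facebook": "social_core.backends.facebook.FacebookOAuth2",
}

# Constructed sample: lms.yml after yaml.safe_load(), using this page's example values.
SAMPLE = {
    "FEATURES": {"ENABLE_THIRD_PARTY_AUTH": True},
    "THIRD_PARTY_AUTH_BACKENDS": ["social_core.backends.google.GoogleOAuth2"],
    "SOCIAL_AUTH_OAUTH_SECRETS": {"google-oauth2": "abcdef123456789101112131"},
}

def redirect_uri(base_url, backend_name):
    """Redirect URI to register with the IdP: <domain>/auth/complete/<name>/."""
    return f"{base_url.rstrip('/')}/auth/complete/{backend_name}/"

def check_third_party_auth(cfg, backend_name, base_url):
    """Return a list of problems found in the parsed lms.yml mapping (hypothetical helper)."""
    problems = []
    if (cfg.get("FEATURES") or {}).get("ENABLE_THIRD_PARTY_AUTH") is not True:
        problems.append("FEATURES > ENABLE_THIRD_PARTY_AUTH is not true")
    # The list is absent by default; only when it exists must it name the backend.
    backends = cfg.get("THIRD_PARTY_AUTH_BACKENDS")
    if backends is not None and BACKENDS[backend_name] not in backends:
        problems.append(f"THIRD_PARTY_AUTH_BACKENDS lacks {BACKENDS[backend_name]}")
    secret = (cfg.get("SOCIAL_AUTH_OAUTH_SECRETS") or {}).get(backend_name)
    if not secret:
        problems.append(f"SOCIAL_AUTH_OAUTH_SECRETS has no entry for {backend_name}")
    # Added check (not from the page): plain HTTP is only acceptable for local devstack.
    url = urlsplit(base_url)
    if url.scheme != "https" and url.hostname not in ("localhost", "127.0.0.1"):
        problems.append("redirect URI is not HTTPS on a non-local host")
    return problems

if __name__ == "__main__":
    print(redirect_uri("http://localhost:8000", "google-oauth2"))
    print(check_third_party_auth(SAMPLE, "google-oauth2", "http://localhost:8000"))
    print(check_third_party_auth(SAMPLE, "facebook", "http://lms.example.com"))
```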
Add the Provider Configuration
Go to <LMS URI>/admin/third_party_auth/oauth2providerconfig/. For example, on devstack, go to http://localhost:8000/admin/third_party_auth/oauth2providerconfig/.
Select Add Provider Configuration (OAuth).
Make sure that Enabled is selected.
Make sure that Visible is selected.
For Icon Class, enter the appropriate value.
For Google, enter fa-google-plus.
For Facebook, enter fa-facebook.
For Name, enter the appropriate value.
For Google, enter Google.
For Facebook, enter Facebook.
For Backend Name, select the appropriate value.
For Google, select google-oauth2.
For Facebook, select facebook.
Confirm that your 'site (example.com)' is selected from the 'site' dropdown.
For Client ID, enter the client ID that you noted earlier.
For Client Secret, enter the client secret that you noted earlier.
(Optional) If you want Facebook or LinkedIn to provide the user’s email address during registration, enter the following code into Other settings.
For Facebook, use this code.
{ "SCOPE": ["email"], "PROFILE_EXTRA_PARAMS": { "fields": "id, name, email" } }
Select Save.
The country field is required, so signing in with the account redirects to the create an account page. To avoid this, change the country attribute to optional.
vim /edx/etc/lms.yml
Modify the field accordingly.
country: optional
Restart the server.
sudo /edx/bin/supervisorctl restart all
Users who have an account with the IdP that you have configured can now sign in.