I have completed the Mastering Plone Training and successfully set up the Plone and Volto codebases on my local system. I am currently preparing a proposal for Google Summer of Code (GSoC) to work on the idea: "Update pas.plugins.authomatic to the current state of different providers."
Progress So Far
To better understand the scope of this idea, I have taken the following steps:
- Installed `pas.plugins.authomatic` on a sample Plone site to explore the onboarding and setup process from a user perspective.
- Set up the `pas.plugins.authomatic` codebase locally and analyzed its core logic of configuration-based provider setup with the help of the `authomatic` library.
- Reviewed the `authomatic` library's documentation to assess the current state of provider support.
- Set up the `authomatic` codebase locally to gain insight into the core library that powers `pas.plugins.authomatic`.
- Explored how to integrate new OAuth and OpenID providers in the `authomatic` library.
My Findings Related to the Proposed Idea
Potential New Providers for Inclusion:
- Apple
- Discord
- Slack
- Okta
Providers That Can Be Upgraded:
| Provider | Current Version → Updated Version |
|---|---|
| BitBucket | OAuth 1.0 → OAuth 2.0 |
|  | OAuth 1.0 → OAuth 2.0 |
| Vimeo | OAuth 1.0 → OAuth 2.0 |
| Yahoo | OAuth 1.0 → OAuth 2.0 |
While I have identified potential upgrades and new provider integrations, I would appreciate clarification on the following aspects of the project idea to ensure a complete understanding of the upgrade process for the upcoming release:
- Bug Fixes & Improvements
  - Are there any already known issues, existing bugs, or areas of improvement that should be included in the project scope?
- Deprecation of OAuth 1.0
  - Given security best practices and the fact that some providers have discontinued OAuth 1.0, should support for OAuth 1.0 be entirely removed?
- Migration to OpenID Connect
  - Are we planning to move from the legacy OpenID 1.0/2.0 protocols to OpenID Connect?
Any insights or guidance from community members and mentors would be greatly appreciated.
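For readers following the "integrate new OAuth providers" step above, here is an added sketch of what one of the proposed providers (Discord) looks like as an `authomatic` OAuth 2.0 provider class. It is an illustration written for this page, not code from `authomatic`, `pas.plugins.authomatic` or the proposal author. `authomatic`'s shipped providers (GitHub, Google and others) subclass `authomatic.providers.oauth2.OAuth2`, declare the provider's endpoints as class attributes and map the user-info JSON onto authomatic's user object in a static `_x_user_parser(user, data)`; the sketch follows that pattern. The Discord endpoints and the `identify`/`email` scopes are Discord's documented ones; the sample `/users/@me` responses, the `parse_discord_user` helper, the placeholder consumer values and the fallback base class used when `authomatic` is not installed are all assumptions made for the example. The "verified email only" rule is a design choice of this sketch, not something the library enforces.

```python
"""Sketch of a Discord OAuth 2.0 provider for authomatic (illustration only)."""
from types import SimpleNamespace

try:
    from authomatic.providers.oauth2 import OAuth2
except ImportError:
    # Assumption for offline runs: a minimal stand-in so the sketch imports
    # without authomatic installed. With the real base class, authomatic
    # drives the authorization-code flow and calls the parser below.
    class OAuth2:
        """Stand-in for authomatic.providers.oauth2.OAuth2."""


class Discord(OAuth2):
    # Discord's documented OAuth 2.0 endpoints.
    user_authorization_url = "https://discord.com/oauth2/authorize"
    access_token_url = "https://discord.com/api/oauth2/token"
    user_info_url = "https://discord.com/api/users/@me"
    # 'identify' unlocks /users/@me, 'email' adds email + verified.
    user_info_scope = ["identify", "email"]
    # Discord expects the access token as "Authorization: Bearer ...".
    _x_use_authorization_header = True

    @staticmethod
    def _x_user_parser(user, data):
        """Map Discord's /users/@me JSON onto the user record."""
        user.id = data.get("id")
        user.username = data.get("username")
        user.name = data.get("global_name") or data.get("username")
        # Design choice of this sketch: only trust the address once Discord
        # marks it verified. Linking an unverified email to an existing Plone
        # account would let an attacker claim someone else's account.
        user.email = data.get("email") if data.get("verified") is True else None
        user.picture = None
        if user.id and data.get("avatar"):
            user.picture = (
                f"https://cdn.discordapp.com/avatars/{user.id}/{data['avatar']}.png"
            )
        return user


# Provider config in the shape authomatic's core reads; the consumer_key /
# consumer_secret values are placeholders (assumption), not real credentials.
CONFIG = {
    "discord": {
        "id": 1,
        "class_": Discord,
        "consumer_key": "YOUR_CLIENT_ID",
        "consumer_secret": "YOUR_CLIENT_SECRET",
        "scope": Discord.user_info_scope,
    }
}

# Constructed sample responses standing in for GET /users/@me (not real users).
VERIFIED_USER = {
    "id": "80351110224678912",
    "username": "nelly",
    "global_name": "Nelly",
    "avatar": "8342729096ea3675442027381ff50dfe",
    "email": "nelly@example.com",
    "verified": True,
}
UNVERIFIED_USER = {
    "id": "80351110224678913",
    "username": "mallory",
    "avatar": None,
    "email": "victim@example.com",
    "verified": False,
}


def parse_discord_user(data):
    """Run the provider's parser on a blank user record and return it.

    Stands in for the authomatic.core.User object the library would pass.
    """
    blank = SimpleNamespace(id=None, username=None, name=None, email=None, picture=None)
    return Discord._x_user_parser(blank, data)


if __name__ == "__main__":
    for sample in (VERIFIED_USER, UNVERIFIED_USER):
        print(parse_discord_user(sample))
```

The point worth carrying into any new provider, whichever of Apple, Slack or Okta is picked first, is the parser: the provider's JSON fields differ, and the plugin ends up using the returned `email`/`id` to look up or create a Plone user, so the mapping (and what it refuses to trust) is where an OAuth integration bug turns into an account takeover.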