Clarification Regarding Updating pas.plugins.authomatic GSOC Idea

I have completed the Mastering Plone Training and successfully set up the Plone and Volto codebases on my local system. I am currently preparing a proposal for Google Summer of Code (GSoC) to work on the idea: "Update pas.plugins.authomatic to the current state of different providers."

Progress So Far

To better understand the scope of this idea, I have taken the following steps:

  • Installed pas.plugins.authomatic on a sample Plone site to explore the onboarding and setup process from a user perspective.
  • Set up the pas.plugins.authomatic codebase locally and analyzed its core logic of configuration-based provider setup with the help of the authomatic library.
  • Reviewed the authomatic library's documentation to assess the current state of provider support.
  • Set up the authomatic codebase locally to gain insight into the core library that powers pas.plugins.authomatic.
  • Explored how to integrate new OAuth and OpenID providers in the authomatic library.

My Findings Related to the Proposed Idea

Potential New Providers for Inclusion:

  • Apple
  • Discord
  • Slack
  • Okta

Providers That Can Be Upgraded:

Provider     Current Version → Updated Version
BitBucket    OAuth1.0 → OAuth2.0
Twitter      OAuth1.0 → OAuth2.0
Vimeo        OAuth1.0 → OAuth2.0
Yahoo        OAuth1.0 → OAuth2.0

While I have identified potential upgrades and new provider integrations, I would appreciate clarification on the following aspects of the project idea to ensure a complete understanding of the upgrade process for the upcoming release:

  1. Bug Fixes & Improvements
    • Are there any already known issues, existing bugs, or areas of improvement that should be included in the project scope?
  2. Deprecation of OAuth 1.0
    • Given security best practices and the fact that some providers have discontinued OAuth 1.0, should support for OAuth 1.0 be entirely removed?
  3. Migration to OpenID Connect
    • Are we planning to move from legacy OpenID 1.0/2.0 protocols to OpenID Connect?

Any insights or guidance from community members and mentors would be greatly appreciated.

3 Likes

Hello @ommgh!

Thank you for the interest in pas.plugins.authomatic.

Right now this plugin relies on authomatic, which is maintained by @jensens, and it seems all the improvements you suggest should be there, not in pas.plugins.authomatic.

Best,
ea

1 Like