naviserver-users — Discussion of installation and usage of NaviServer

Re: [Naviserver-users] purpose of the group, my video, oauth2 in tcl

[Gustaf N. (sslmail) <ne...@wu...>]

Hi John,


> There were two rumors of a Tcl native OATH2 implementation.
> 
> 1) In OpenACS, I think Gustav mentioned this, but googling I only find
> a 2023 conversation
> https://openacs.org/forums/message-view?message_id=5741773
> 
> 2) Antonio (I think) mentioned that someone in Vienna has done this,
> but they have not replied to emails asking to open source it.

well, i try to recap:

The first oauth2 (client) authentication was implemented by Sabine Stransky (she was one of the participants in Bologna) for a customer for using it with Microsoft (Azure). Later, this was extended by KM (mostly Michael Aram from KM, who participated in the Vienna OpenACS conferences) for using it mostly with LTI. KM agreed several years ago to release these parts it into OpenACS, but this was based on several local modifications at KM). At that time, i picked up the code, modernized and generalized it, and made an integration with the standard OpenACS. In this process, i support for using GitHub as an identity provider, by not only depending on MSoft (MSoft is not literally following the OAuth2 standard recommendations, one has to interprete the claims, there are two versions out, etc), Look here what’s in OpenACS;

https://github.com/openacs/xooauth/blob/main/tcl/rest-procs.tcl
https://github.com/openacs/xooauth/blob/main/tcl/authorize-procs.tcl
https://github.com/openacs/xooauth/blob/main/tcl/ms-procs.tcl
https://github.com/openacs/xooauth/blob/main/tcl/canvas-procs.tcl

The MS part provides in addition to authorization a subset of the MS Grah interface

https://openacs.org/xowiki/msgraph

There is a similar code for accessing the Canvas interface in the canvas-procs.

The authorization part (login/logout) is in the class “Authorize” class. The MS authorization does the same towards the end of the ms-procs.
When using GitHub as identity provider, a subclass of the Authorize class is used, which handles the GitHub specific part (look into authorize-procs towards the end). 

This code is used in production the Vienna University of Economics since a few years.

I was planning to provide a pure NaviServer OAUTH2 example for using GitHub as identity provider with the new authorization chains for the conference, but time was running out, I could only provide the LDAP interface (see README file), since there was also much cleanup required in nsldap
https://github.com/naviserver-project/nsldap

to provide the example will cost me a couple of days to load the necessary parts into my brain, factor our the relevant parts from OpenACS, and to provide an interface that can be used with OpenACS as well… 

all the best
-gustaf

[Naviserver-users] purpose of the group, my video, oauth2 in tcl

[Decent E. <dec...@gm...>]

Thanks for making this group, for discussing us using naviserver, as
opposed to development.

My hope is that we’ll all post here things that we need to do, before
we do them.

Ideally, then, we can help each other by giving advice and/or sharing code.

--

 > PS: The videos from the conference are already online (many thanks
to Antonio!), they need still linkage on the conference site.
https://learn.wu.ac.at/eurotcl2025/

Wow, FAST!

I put together an improved version of my talk, using a front facing
camera, and using Adobe’s audio AI to much improve the audio quality
https://www.youtube.com/watch?v=p7rX0OVCeLo

The audio makes me sound slightly slurry and drunk, but totally
removes the room echo which makes understandability difficult.

I’m happy to share here any of my Tcl code for doing things that I presented.

—

There were two rumors of a Tcl native OATH2 implementation.

1) In OpenACS, I think Gustav mentioned this, but googling I only find
a 2023 conversation
https://openacs.org/forums/message-view?message_id=5741773

2) Antonio (I think) mentioned that someone in Vienna has done this,
but they have not replied to emails asking to open source it.

—