Single sign-on: ActiveTextbook with an LMS using OAuth2

Introduction

You’re probably familiar with OAuth2 already. OAuth2 is the technology behind the “Login with Facebook” or “Login with Google” buttons (and many others). OAuth2 is the best way to create single sign-on between two disparate web applications.

With single sign-on (SSO), users do not have to remember multiple passwords when logging into various applications. This becomes especially convenient with applications such as Blackboard, Canvas or Moodle, where an instructor embeds an ActiveTextbook document in a course. When a user clicks the book link from within an LMS, they are transparently logged into ActiveTextbook without having to type a username and password, potentially without realizing that they have ended up in a separate application.

Sample OAuth2 process

The OAuth2 process is straightforward; for brevity we’ll omit some technical details.

Say we wanted to integrate ActiveTextbook with ACME University. ACME University already manages its students’ accounts and would like to establish an SSO connection between ActiveTextbook and ACME.

When a student clicks a book link that leads to ActiveTextbook the following process happens:

1. ActiveTextbook asks ACME to provide the user’s identity.
2. If the user is not logged in with ACME, they are required to log in. Then the user information is forwarded to ActiveTextbook.
3. ActiveTextbook processes the user information, creates a corresponding user record, and displays the book.

Note that every request is securely signed; the interaction happens transparently to the user.

Integration with ActiveTextbook

One of the advantages of using OAuth2 is that it’s a well-defined specification supported by industry. The integration is quite simple, with a variety of libraries available for every language. ActiveTextbook does require a small additional step: at the end of the OAuth2 workflow we need to get the user’s details, such as name and role within the system. Typically this functionality already exists within the system.
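The three steps of the sample process and the user-details step, seen from the client side, as an added example that is not ActiveTextbook's own code. The endpoint URLs, client id, role names and the profile fields `sub`, `name` and `role` are assumptions, and the profile is assumed to have been fetched already from the LMS with the access token.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values: the page names no endpoints, client ids or field names.
AUTHORIZE_URL = "https://sso.acme-university.example/oauth2/authorize"
CLIENT_ID = "activetextbook-client"
REDIRECT_URI = "https://reader.example/oauth2/callback"
ALLOWED_ROLES = {"student", "instructor"}  # assumed role vocabulary


def start_login(session):
    """Step 1: build the redirect that asks the LMS for the user's identity."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # binds the callback to this browser
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Step 2: accept the authorization code only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, so a replay fails
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: callback not tied to this login")
    if "error" in params or "code" not in params:
        raise PermissionError("authorization was denied or no code was returned")
    return params["code"][0]  # the server then exchanges this code for an access token


def provision_user(users, profile):
    """Step 3: map the user details from the LMS to a local user record."""
    subject = profile.get("sub")
    if not subject:
        raise ValueError("profile has no stable user identifier")
    role = profile.get("role")
    if role not in ALLOWED_ROLES:
        role = "student"  # unknown role from the LMS: fall back to least privilege
    record = users.setdefault(subject, {})  # keyed on the identifier, not the display name
    record.update(name=profile.get("name", ""), role=role)
    return record
```

Keying the local record on the LMS's stable identifier rather than the name or e-mail keeps a renamed user mapped to the same account.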
