This case study describes how miniOrange's REST API Authentication and OAuth Server modules were deployed to meet the authentication and Single Sign-On (SSO) needs of an educational institution. The institution's web estate had three components: Portal 1, a dedicated Teacher/Student login platform built on Drupal; Portal 2, a LearnWorlds LMS website hosting the courses; and the main website, also built on Drupal, which served as the central repository of user information and course content.
To create a seamless user experience and enable secure communication between the portals and the main website, miniOrange's specialized modules were chosen. The REST API Authentication module served as the gatekeeper, ensuring secure API requests from both Portal 1 and Portal 2, while the OAuth Server module facilitated SSO between the portals and the main website.
In this case study, we will explore the technicalities and workflows behind these modules, the significance of JWT authentication for REST API communication, and the role of OAuth 2.0 in enabling Single Sign-On across the educational institution's platforms.
About the project
Requirements:
- Implement secure REST API communication between Portal 1, Portal 2, and the main website.
- Enable Single Sign-On (SSO) functionality to provide a seamless login experience for users across all platforms.
- Facilitate the sharing of JWT tokens from Portal 1 to Portal 2, allowing access to courses and content seamlessly.
- Compatibility with both Drupal and non-Drupal websites.
Implementation:
The REST API Authentication module played a crucial role in securing communication between the portals and the main website.
JWT Token Validation: Whenever a request arrives from Portal 1 or Portal 2, the REST API Authentication module validates the JWT it carries before any user data is transmitted. It verifies the token's signature to ensure the token was issued by the main website and has not been tampered with in transit, and it checks the expiration time so that an outdated token cannot be replayed. A complete validator also pins the expected signing algorithm rather than trusting the token's own `alg` header, and checks the issuer and audience claims, so that a token minted for one portal or by another issuer is not accepted.
The OAuth Server module on the main website acted as an authorization server, enabling Single Sign-On (SSO) and issuing JWT tokens for successful authentication. Here's how the implementation was carried out:
Centralized SSO: The OAuth Server module facilitated seamless Single Sign-On (SSO) between Portal 1 and the main website. Whenever a user accessed Portal 1, they were redirected to the main website for authentication.
Issuing JWT Tokens: Upon successful authentication on the main website, the OAuth Server module issued a JWT token containing user-specific information. This token served as a proof of authentication and was the key to accessing both Portal 1 and Portal 2.
Password Grant Type Authorization: To authenticate users, the Password Grant Type (Resource Owner Password Credentials) flow is used. Portal 1 collects the user's credentials and posts them, together with its own client credentials, to the OAuth Server module on the main website, which exchanges them for an access token. Note that in this flow the portal itself handles the user's password rather than redirecting the browser to the authorization server as the authorization code flow does; RFC 6749 allows the password grant only where other flows are not viable, and the OAuth 2.0 Security Best Current Practice (RFC 9700) states that it must not be used, so the portal and the main website must be under the same trust boundary and the credential exchange must be over TLS.
Sharing JWT Tokens: Once the JWT token is issued, Portal 1 shares it with Portal 2. This sharing of JWT tokens allowed Portal 2 to recognize the user's authenticated status and grant them access to the relevant courses and content.
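The following is an added example, not code from the page or from the miniOrange modules, that walks through the exchange described in the Implementation section end to end: an authorization server handling a `grant_type=password` request and issuing an HS256 JWT, and a resource server (standing in for Portal 2) validating the token Portal 1 forwards to it. It also covers the validation checks a practitioner wants that the text above only names: algorithm pinning, issuer and audience checks, expiry, and rejection of a tampered signature. The shared secret, issuer URL, audience value, client registry and user record are all constructed for the example; a real deployment would take them from the module configuration and the Drupal user table (with hashed passwords), not from literals.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (hypothetical): in production these come from the
# OAuth Server module's configuration, never from source code.
SECRET = b"constructed-demo-secret-do-not-use"
ISSUER = "https://main.example.edu"   # assumed issuer URL of the main website
AUDIENCE = "portal"                     # assumed audience claim shared by both portals
TOKEN_TTL = 3600                        # seconds; assumed lifetime

# Constructed client registry and user table standing in for the real ones.
# Passwords are plain text only so the example runs stand-alone.
CLIENTS = {"portal1": "portal1-secret"}
USERS = {"alice": {"password": "correct horse", "roles": ["student"]}}


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Issue an HS256 JWT (RFC 7519) over the given claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    """Validate algorithm, signature, expiry, issuer and audience; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (blocks alg=none and key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    return claims


def password_grant(form: dict, now=None) -> dict:
    """Authorization server side: handle a grant_type=password token request (RFC 6749 section 4.3)."""
    now = time.time() if now is None else now
    if form.get("grant_type") != "password":
        return {"error": "unsupported_grant_type"}
    # Authenticate the client (Portal 1) before looking at the user's credentials.
    if not hmac.compare_digest(CLIENTS.get(form.get("client_id"), ""), form.get("client_secret", "")):
        return {"error": "invalid_client"}
    user = USERS.get(form.get("username"))
    if user is None or not hmac.compare_digest(user["password"], form.get("password", "")):
        return {"error": "invalid_grant"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": form["username"],
              "roles": user["roles"], "iat": int(now), "exp": int(now) + TOKEN_TTL}
    return {"access_token": sign_jwt(claims, SECRET), "token_type": "Bearer", "expires_in": TOKEN_TTL}


def portal2_authorize(bearer: str, now=None):
    """Resource server side (Portal 2): return the user the forwarded token proves, or None."""
    try:
        return verify_jwt(bearer, SECRET, now)["sub"]
    except ValueError:
        return None


if __name__ == "__main__":
    resp = password_grant({"grant_type": "password", "client_id": "portal1",
                           "client_secret": "portal1-secret",
                           "username": "alice", "password": "correct horse"})
    token = resp["access_token"]
    print("Portal 2 sees user:", portal2_authorize(token))
    print("Tampered token accepted?", portal2_authorize(token[:-4] + "AAAA") is not None)
```

The resource-server side is deliberately strict: a token whose header says `alg: none`, whose signature does not verify, whose `exp` has passed, or whose `iss`/`aud` do not match is rejected with no distinction visible to the caller, which is what Portal 2 should return to a client holding a bad token.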
Conclusion:
By deploying miniOrange's REST API Authentication and OAuth Server modules in conjunction with Drupal, the educational institution achieved a secure, seamless, and user-friendly ecosystem. Students and teachers experienced the convenience of Single Sign-On, enabling them to access courses and content across platforms effortlessly.
Leveraging JWT tokens and OAuth 2.0, the institution ensured that data transmission remained secure, and authentication processes were efficient. As the institution continues to evolve, the modular architecture and flexible nature of the solution provide the foundation for future enhancements and scalability.
Why Drupal was chosen
- Flexibility: Drupal's modular architecture provided the flexibility to integrate with miniOrange's specialized modules and accommodate the institution's specific requirements.
- Extensibility: The rich ecosystem of Drupal modules allowed for future enhancements and customizations as the institution's needs evolved.
- Robust User Management: Drupal's user management system offered granular control over user access, crucial for a multi-portal environment.
- Scalability: The scalability options provided by Drupal made it suitable for integrating multiple portals.
Technical Specifications
Drupal version:
Key modules/theme/distribution used: