[Building Sakai] Sakai 2011 - Google Integration: Slides Posted

Duffy Gillman duffy at rsmart.com
Mon Aug 1 13:40:24 PDT 2011 

Hi Bryan,

   I have just now tested my build against the same oauth, rsmart-common, and google-content code and am not seeing the reported error. So perhaps I am missing something in the steps to reproduce the issue, or perhaps we don't yet have a shared understanding of expected behavior. Let me ask a clarifying question:

   When you say "tried different browsers, and even had someone else get on their computer and sign in", are you saying that in each case you (and the other person) logged in as the same Sakai user each time? If all logins were with the same user (eg. test1) then you are seeing the expected behavior. The integration associates a Google Docs account with the Sakai user.

   If instead you are saying you have two Sakai users defined (eg. test1, and test2), that you have associated test1 with a Google account (eg. test1 at test.com), and that logging in to Sakai from another machine as test2 provides access to the Google account of test1 at test.com, then you are indeed experiencing a drastic error. I am unable to replicate this case though, and so will want to ask for a script to test behavior against.

   Here is what I did to test:

1) Created two users: user1, user2
2) Logged in as user1 and navigated to Resources in My Workspace
3) Clicked "Link to a Google Doc" in the "Add" menu next to "My Workspace"
4) Received a screen informing me I would need to approve account access through Google and clicked "Proceed to Google"
5) Logged in to Google in the subsequent screen using my duffy 'at' rsmart.com account.
6) Granted access to Sakai.
7) Proceeded to select a document to which the link should be created.

That created the association between user1 on the Sakai side, and duffy 'at' rsmart.com on the Google side. Next I did the following:

8) Logged out of Google.
9) Logged out of Sakai.
10) Logged in to Sakai as user2 and navigated to the Resources in My Workspace
11) Clicked "Link to a Google Doc" in the "Add" menu next to "My Workspace"
12) Received a screen informing me I would need to approve account access through Google and clicked "Proceed to Google"
13) Logged in to Google in the subsequent screen using my personal gmail account.
14) Granted access to Sakai.
15) Proceeded to select a document to which the link should be created.

At no time after step 8 did I see the documents available to my duffy 'at' rsmart.com account. I instead was given access to those documents associated with my personal gmail account.

   Please let me know if your test script differs from mine or if the issue is, instead, a misunderstanding about the linkage between a Sakai account and a Google account.

Regards,

   Duffy Gillman
   Sr. Software Engineer
   The rSmart Group, Inc.

On Aug 1, 2011, at 12:53 PM, Bryan Holladay wrote:

> Duffy,
> 
> Thanks for the reply... This was my original thought when I first saw this behavior, so I signed out of google, tried different browsers, and even had someone else get on their computer and sign in.  In all cases, they all had access to my personal Gmail documents that was used to verify the server (oauth shared secret).
> 
> I compiled trunk for 
> 
> https://source.sakaiproject.org/contrib//rsmart/oauth/trunk
> https://source.sakaiproject.org/contrib//rsmart/rsmart-common/trunk/
> https://source.sakaiproject.org/contrib//rsmart/google-content/trunk/
> 
> 
> Thanks,
> Bryan
> 
> On Mon, Aug 1, 2011 at 3:45 PM, Duffy Gillman <duffy at rsmart.com> wrote:
> Hi Bryan -
> 
>   I believe the problem you are having stems from the fact that you are dealing with two sessions from two distinct services: Sakai and Google. This can cause some counterintuitive behavior. If you are logged in over at Google as test1 at test.com Google will continue to see you as test1 at test.com until you log out *with Google*. In the meantime you may log in and out of Sakai as any number of users. This will have no impact on the Google side. Google will continue to see you as test1 at test.com until you invalidate your session with their servers either by clicking Google's logout link, by clicking Google's "login as a different user" link, or by the expiration of your session with Google.
> 
>   So in your instance you are seeing behavior that would be unexpected or unlikely*  with end users. It is a function of your tests in which, unlike end users, you have multiple Sakai logins that you switch between. The typical end user will either already be logged in with Google (say, because they are using their Gmail account) and will see their account when they try to use Google Docs, or they will be asked to log in with their account the first time they try to create a Google Docs link.
> 
>   Please let me know if this explains the behavior you are seeing. Try logging out of Google when you log out of Sakai to verify the behavior and please let me know if I've adequately explained how what you have observed is happening.
> 
> Cheers,
> 
>   Duffy Gillman
>   Sr. Software Engineer
>   The rSmart Group, Inc.
> 
> * I say "unlikely" because there is one scenario in which I can envision an end user running into what you have observed. It is possible that a user on a public terminal could leave their machine login session open and could forget to logout of Google. This would of course be a huge risk to the user's account security even beyond the ability to create links in Sakai, and is unfortunately a scenario the Sakai/Google Docs integration cannot guard against since we can have no control over the other systems the user has logged into.
> 
> 
> 
> On Aug 1, 2011, at 12:21 PM, Bryan Holladay wrote:
> 
> > Thanks for all the work on this... I have a question about the integration:
> >
> > I was able to get everything working and set up my server to authenticate w/my google account.  However, this account seems to be the only account that is used throughout Sakai.  i.e.  If a user (ex. Sakai id: test1 and googleId: test1 at test.com) logs in and goes to link a google doc in resources, the list of resources to choose from are the ones in my google account that was authorized to the Sakai server.  Did I miss a part in the setup to make sure each user only has access to their own google account docs?  Or does each institution have to just have a single account that is shared throughout all of sakai?
> >
> > Thanks,
> > Bryan
> >
> >
> > On Thu, Jul 28, 2011 at 1:53 PM, Duffy Gillman <duffy at rsmart.com> wrote:
> > Hey folks -
> >
> >  Keynote and Powerporint presentations for the Google Integration talks at the Sakai 2011 Conference have been posted at the following locations:
> >
> > 2011-06-16 Sakai CLE and Google Integration
> > https://confluence.sakaiproject.org/x/rI2CB
> >
> > 2011-06-16 Sharing Google Docs Content in Resources
> > https://confluence.sakaiproject.org/x/t42CB
> >
> > Sorry for the delay!
> >
> >    Duffy GIllman
> >
> > _______________________________________________
> > sakai-dev mailing list
> > sakai-dev at collab.sakaiproject.org
> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >
> > TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> >
> 
>

More information about the sakai-dev mailing list