- Organization: The Linux Foundation
- Project: User Interfaces for using OAuth2 with Printers and Scanners
- Project Page: Click here
- Project Repository: Click here
- Proposal: Click Here
Hi, I am Shivam Sharma, currently working at Cognizant Technology Solutions. I was selected as a GSOC 2024 contributor for OpenPrinting @ The Linux Foundation. My project was adding OAuth2 support for using printers and scanners to CUPS. I have managed to add OAuth2 support for client verification to keep client data secure.
The printing ecosystem in Unix-like systems often requires users to authenticate with online accounts to access cloud-based printing services. Integrating GNOME Online Accounts with CPDB simplifies this process, offering a unified and user-friendly interface for managing print jobs. We also managed to handle token exchange for smooth authentication. GOA provides several libraries for OAuth support, so I used those libraries for token exchange, verifying account and auhtorization URL. Later the part of the authorization URL was done with the help of github OAuth support. I used github for generating cliend id and client secret to help client verify their identity and keep their data safe.
I have made some changes to existing CPDB backend file for OAuth flow and the code is ready to review. The name of the file is print_backend_cups, I modified on_handle_print_socket() function and added some features to connect CPDB backend with OAuth. I also added end_print_job_with_token() function which will be responsible for processing print request after successfully verifying the access token and after that the process authentication process will be completed.
I have also added function to store access token and the access token will be expired within a minute and it can not be used after that and they are not reusble as well. Only requested client can access the access token and we are not compromising security in the complete OAuth flow.
The objective of this project is to add OAuth2 support for using printers and scanners. We aim to achieve this by:
- Integrate OAuth2 authentication using GNOME Online Accounts (GOA).
- Develop a local server in C to handle OAuth2 callbacks.
- Ensure access token will be expired within a time frame for security purpose.
- Ensure seamless integration with CPDB and CUPS.
- Provide a user-friendly interface for managing online accounts within the print dialog.
- Setup GOA OAuth based D-bus system.
- OAuth2 flow implementation: It includes initializing GOA client, establishing connection between client and auth server and initiating token exchange.
- Local server setup for callbacks: The local server setup involved using libmicrohttpd to create an HTTP server on port 8080, handling OAuth2 callback requests, and processing authorization codes to obtain access tokens.
- Merging OAuth2 code with CPDB: It contains complete OAuth setup which will be added to CPDB for client authentication.
- Token handling: Managing OAuth2 tokens securely was challenging. Implemented secure storage and retrieval mechanisms for tokens.
- Merging it to CPDB: Initially I was getting lots of error while merging it to CPDB then I made changes to makefile and merged the OAuth code with CPDB.
The integration successfully streamlined the authentication process, reducing the time required for users to log in to their online accounts from within the print dialog. User feedback indicated a significant improvement in the overall user experience.
-
Here is the screenshot of the user interface for authorization:
-
Here is the OAuth workflow
-
Here is the video of working demonstration of OAuth support: Demo Video
-
Here is the pull request created for this project and the complete code is ready to be reviewed. PR
The setup of local server and token exchange is successfully accomplished. However, there are several exciting improvements that could enhance the OAuth2 support:
- Testing complete OAuth2 flow on CPDB keeping all the security parameters in mind.
- Implementing support for additional online services: We can implement many more online services in the authentication page by allowing user to use different methods for authentication.
- Enhance security for token storage: Security can not be compromised so I will add more security layers for token storage.
- Develop a graphical interface for managing OAuth2 tokens.
Further implementation will be done within 1 month.
I am deeply grateful to the OpenPrinting for giving me the incredible opportunity to participate in Google Summer of Code (GSoC) program. My mentors, Till Kamppeter and Deepak Patankar helped me alot during this journey. These project wouldn't have been possible without both of you. The weekly project sync with Deepak helped me achieve most of the goals.