Information about OAuth2

["K. Kamhamea" <ka...@googlemail.com>]

Hello,
please can someone provide information how OAuth works with OM5. If
'allow.oauth.register' in Administration > Configuration is turned true,
one would expect login with Facebook or Google is allowed. Why I don't find
a Facebook, Google link on the Login Dialog?

K.

Re: Information about OAuth2

[Maxim Solodovnik <so...@gmail.com>]

You have to register in JIRA to comment

Privacy statement will NOT be customizable via Admin
You can modify the text in HTML
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/PrivacyPage.html
and restart OM

On Fri, 17 Apr 2020 at 13:52, K. Kamhamea <ka...@googlemail.com> wrote:

> I'm not sure, do I have a login to comment on that? My Confluence Login
> doesn't work.
>
> :-)
> I would like to add: A customizable link set in Administration >
> Configuration, so every client who uses this software in his/her own
> environment can provide a specifically tailored one. This link is shown
> only if specified and can be omitted if empty.
> (The parameter could have been of the same Type/Key/Value combination as
> "dashboard.rss.feed1" for instance.)
> Best K.
>
> Am Fr., 17. Apr. 2020 um 08:25 Uhr schrieb Maxim Solodovnik <
> solomax666@gmail.com>:
>
>> OK
>> Let it be: https://issues.apache.org/jira/browse/OPENMEETINGS-2271
>>
>> On Fri, 17 Apr 2020 at 01:34, K. Kamhamea <ka...@googlemail.com>
>> wrote:
>>
>>> Oh, please don't get me wrong, I don't want to cause you any trouble.
>>> I'm not one of these greedy lawyers, and I suppose you will never be
>>> pestered by such a person as it is an non-for-profit-open-source-project,
>>> and for that purpose everything seems fine. What I'm concerned about is the
>>> clients who will use your software on their own server. They may get
>>> inadvertently into trouble. Maybe not in your country but here in my
>>> country there are enough people who have nothing else to do as searching
>>> opportunities to legally steal, and a court is of no help as judges here
>>> belong to the same category. Believe me I know what I'm talking about, I
>>> lost a lot of money to them. Look at Facebook for instance they do have a
>>> bullet proof login page, probably checked by lots of layers.
>>>
>>> In summary: you guys do an excellent job, but those who use your
>>> software would better be warned, and maybe you decide to offer a custom
>>> login page.
>>> Best K.
>>>
>>>
>>>
>>> Am Do., 16. Apr. 2020 um 09:25 Uhr schrieb Maxim Solodovnik <
>>> solomax666@gmail.com>:
>>>
>>>> Well,
>>>>
>>>> actually google asks for the direct link
>>>> And here is the link: https://om.alteametasoft.com:8443/next/privacy i.e.
>>>> I still see no issue here
>>>>
>>>> Could quote Google where it states: " they explicitly want the link to
>>>> Terms and Data Policy provided on the Login page" ?
>>>>
>>>> On Thu, 16 Apr 2020 at 13:53, K. Kamhamea <ka...@googlemail.com>
>>>> wrote:
>>>>
>>>>> I see. I have to register with an OAuth2 provider first to get ID and
>>>>> Secret. However OAuth2 makes the legal issue even more prominent as we
>>>>> discussed elsewhere.
>>>>>
>>>>> 1) "Here is a legal issue."
>>>>> The link to the "privacy statement" is on registration form and in
>>>>> user profile
>>>>> So both registered and non-registered users can review it
>>>>> I can contact Alache legal if you believe this is the issue
>>>>>
>>>>> 1 - OAuth users will never reach the registration form.
>>>>> 2 - When asking Google for ID and Secret, they explicitly want the
>>>>> link to Terms and Data Policy provided on the Login page.
>>>>>
>>>>> I don't know about the other providers, but think it will be tha same
>>>>> story.
>>>>>
>>>>> K.
>>>>>
>>>>> Am Do., 16. Apr. 2020 um 04:12 Uhr schrieb Maxim Solodovnik <
>>>>> solomax666@gmail.com>:
>>>>>
>>>>>> It works at our demo :)
>>>>>> In addition to 'allow.oauth.register'
>>>>>> You need to go to Admin-> OAuth and set up integration with provider
>>>>>> chosen
>>>>>>
>>>>>> On Thu, 16 Apr 2020 at 03:04, K. Kamhamea <ka...@googlemail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>> please can someone provide information how OAuth works with OM5. If
>>>>>>> 'allow.oauth.register' in Administration > Configuration is turned true,
>>>>>>> one would expect login with Facebook or Google is allowed. Why I don't find
>>>>>>> a Facebook, Google link on the Login Dialog?
>>>>>>>
>>>>>>> K.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>

-- 
Best regards,
Maxim

Re: Information about OAuth2

["K. Kamhamea" <ka...@googlemail.com>]

I'm not sure, do I have a login to comment on that? My Confluence Login
doesn't work.

:-)
I would like to add: A customizable link set in Administration >
Configuration, so every client who uses this software in his/her own
environment can provide a specifically tailored one. This link is shown
only if specified and can be omitted if empty.
(The parameter could have been of the same Type/Key/Value combination as
"dashboard.rss.feed1" for instance.)
Best K.

Am Fr., 17. Apr. 2020 um 08:25 Uhr schrieb Maxim Solodovnik <
solomax666@gmail.com>:

> OK
> Let it be: https://issues.apache.org/jira/browse/OPENMEETINGS-2271
>
> On Fri, 17 Apr 2020 at 01:34, K. Kamhamea <ka...@googlemail.com> wrote:
>
>> Oh, please don't get me wrong, I don't want to cause you any trouble. I'm
>> not one of these greedy lawyers, and I suppose you will never be pestered
>> by such a person as it is an non-for-profit-open-source-project, and for
>> that purpose everything seems fine. What I'm concerned about is the clients
>> who will use your software on their own server. They may get inadvertently
>> into trouble. Maybe not in your country but here in my country there are
>> enough people who have nothing else to do as searching opportunities to
>> legally steal, and a court is of no help as judges here belong to the same
>> category. Believe me I know what I'm talking about, I lost a lot of money
>> to them. Look at Facebook for instance they do have a bullet proof login
>> page, probably checked by lots of layers.
>>
>> In summary: you guys do an excellent job, but those who use your software
>> would better be warned, and maybe you decide to offer a custom login page.
>> Best K.
>>
>>
>>
>> Am Do., 16. Apr. 2020 um 09:25 Uhr schrieb Maxim Solodovnik <
>> solomax666@gmail.com>:
>>
>>> Well,
>>>
>>> actually google asks for the direct link
>>> And here is the link: https://om.alteametasoft.com:8443/next/privacy i.e.
>>> I still see no issue here
>>>
>>> Could quote Google where it states: " they explicitly want the link to
>>> Terms and Data Policy provided on the Login page" ?
>>>
>>> On Thu, 16 Apr 2020 at 13:53, K. Kamhamea <ka...@googlemail.com>
>>> wrote:
>>>
>>>> I see. I have to register with an OAuth2 provider first to get ID and
>>>> Secret. However OAuth2 makes the legal issue even more prominent as we
>>>> discussed elsewhere.
>>>>
>>>> 1) "Here is a legal issue."
>>>> The link to the "privacy statement" is on registration form and in user
>>>> profile
>>>> So both registered and non-registered users can review it
>>>> I can contact Alache legal if you believe this is the issue
>>>>
>>>> 1 - OAuth users will never reach the registration form.
>>>> 2 - When asking Google for ID and Secret, they explicitly want the link
>>>> to Terms and Data Policy provided on the Login page.
>>>>
>>>> I don't know about the other providers, but think it will be tha same
>>>> story.
>>>>
>>>> K.
>>>>
>>>> Am Do., 16. Apr. 2020 um 04:12 Uhr schrieb Maxim Solodovnik <
>>>> solomax666@gmail.com>:
>>>>
>>>>> It works at our demo :)
>>>>> In addition to 'allow.oauth.register'
>>>>> You need to go to Admin-> OAuth and set up integration with provider
>>>>> chosen
>>>>>
>>>>> On Thu, 16 Apr 2020 at 03:04, K. Kamhamea <ka...@googlemail.com>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>> please can someone provide information how OAuth works with OM5. If
>>>>>> 'allow.oauth.register' in Administration > Configuration is turned true,
>>>>>> one would expect login with Facebook or Google is allowed. Why I don't find
>>>>>> a Facebook, Google link on the Login Dialog?
>>>>>>
>>>>>> K.
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>
>
> --
> Best regards,
> Maxim
>

Re: Information about OAuth2

[Maxim Solodovnik <so...@gmail.com>]

OK
Let it be: https://issues.apache.org/jira/browse/OPENMEETINGS-2271

On Fri, 17 Apr 2020 at 01:34, K. Kamhamea <ka...@googlemail.com> wrote:

> Oh, please don't get me wrong, I don't want to cause you any trouble. I'm
> not one of these greedy lawyers, and I suppose you will never be pestered
> by such a person as it is an non-for-profit-open-source-project, and for
> that purpose everything seems fine. What I'm concerned about is the clients
> who will use your software on their own server. They may get inadvertently
> into trouble. Maybe not in your country but here in my country there are
> enough people who have nothing else to do as searching opportunities to
> legally steal, and a court is of no help as judges here belong to the same
> category. Believe me I know what I'm talking about, I lost a lot of money
> to them. Look at Facebook for instance they do have a bullet proof login
> page, probably checked by lots of layers.
>
> In summary: you guys do an excellent job, but those who use your software
> would better be warned, and maybe you decide to offer a custom login page.
> Best K.
>
>
>
> Am Do., 16. Apr. 2020 um 09:25 Uhr schrieb Maxim Solodovnik <
> solomax666@gmail.com>:
>
>> Well,
>>
>> actually google asks for the direct link
>> And here is the link: https://om.alteametasoft.com:8443/next/privacy i.e.
>> I still see no issue here
>>
>> Could quote Google where it states: " they explicitly want the link to
>> Terms and Data Policy provided on the Login page" ?
>>
>> On Thu, 16 Apr 2020 at 13:53, K. Kamhamea <ka...@googlemail.com>
>> wrote:
>>
>>> I see. I have to register with an OAuth2 provider first to get ID and
>>> Secret. However OAuth2 makes the legal issue even more prominent as we
>>> discussed elsewhere.
>>>
>>> 1) "Here is a legal issue."
>>> The link to the "privacy statement" is on registration form and in user
>>> profile
>>> So both registered and non-registered users can review it
>>> I can contact Alache legal if you believe this is the issue
>>>
>>> 1 - OAuth users will never reach the registration form.
>>> 2 - When asking Google for ID and Secret, they explicitly want the link
>>> to Terms and Data Policy provided on the Login page.
>>>
>>> I don't know about the other providers, but think it will be tha same
>>> story.
>>>
>>> K.
>>>
>>> Am Do., 16. Apr. 2020 um 04:12 Uhr schrieb Maxim Solodovnik <
>>> solomax666@gmail.com>:
>>>
>>>> It works at our demo :)
>>>> In addition to 'allow.oauth.register'
>>>> You need to go to Admin-> OAuth and set up integration with provider
>>>> chosen
>>>>
>>>> On Thu, 16 Apr 2020 at 03:04, K. Kamhamea <ka...@googlemail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>> please can someone provide information how OAuth works with OM5. If
>>>>> 'allow.oauth.register' in Administration > Configuration is turned true,
>>>>> one would expect login with Facebook or Google is allowed. Why I don't find
>>>>> a Facebook, Google link on the Login Dialog?
>>>>>
>>>>> K.
>>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>

-- 
Best regards,
Maxim

Re: Information about OAuth2

["K. Kamhamea" <ka...@googlemail.com>]

Oh, please don't get me wrong, I don't want to cause you any trouble. I'm
not one of these greedy lawyers, and I suppose you will never be pestered
by such a person as it is an non-for-profit-open-source-project, and for
that purpose everything seems fine. What I'm concerned about is the clients
who will use your software on their own server. They may get inadvertently
into trouble. Maybe not in your country but here in my country there are
enough people who have nothing else to do as searching opportunities to
legally steal, and a court is of no help as judges here belong to the same
category. Believe me I know what I'm talking about, I lost a lot of money
to them. Look at Facebook for instance they do have a bullet proof login
page, probably checked by lots of layers.

In summary: you guys do an excellent job, but those who use your software
would better be warned, and maybe you decide to offer a custom login page.
Best K.



Am Do., 16. Apr. 2020 um 09:25 Uhr schrieb Maxim Solodovnik <
solomax666@gmail.com>:

> Well,
>
> actually google asks for the direct link
> And here is the link: https://om.alteametasoft.com:8443/next/privacy i.e.
> I still see no issue here
>
> Could quote Google where it states: " they explicitly want the link to
> Terms and Data Policy provided on the Login page" ?
>
> On Thu, 16 Apr 2020 at 13:53, K. Kamhamea <ka...@googlemail.com> wrote:
>
>> I see. I have to register with an OAuth2 provider first to get ID and
>> Secret. However OAuth2 makes the legal issue even more prominent as we
>> discussed elsewhere.
>>
>> 1) "Here is a legal issue."
>> The link to the "privacy statement" is on registration form and in user
>> profile
>> So both registered and non-registered users can review it
>> I can contact Alache legal if you believe this is the issue
>>
>> 1 - OAuth users will never reach the registration form.
>> 2 - When asking Google for ID and Secret, they explicitly want the link
>> to Terms and Data Policy provided on the Login page.
>>
>> I don't know about the other providers, but think it will be tha same
>> story.
>>
>> K.
>>
>> Am Do., 16. Apr. 2020 um 04:12 Uhr schrieb Maxim Solodovnik <
>> solomax666@gmail.com>:
>>
>>> It works at our demo :)
>>> In addition to 'allow.oauth.register'
>>> You need to go to Admin-> OAuth and set up integration with provider
>>> chosen
>>>
>>> On Thu, 16 Apr 2020 at 03:04, K. Kamhamea <ka...@googlemail.com>
>>> wrote:
>>>
>>>> Hello,
>>>> please can someone provide information how OAuth works with OM5. If
>>>> 'allow.oauth.register' in Administration > Configuration is turned true,
>>>> one would expect login with Facebook or Google is allowed. Why I don't find
>>>> a Facebook, Google link on the Login Dialog?
>>>>
>>>> K.
>>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>
>
> --
> Best regards,
> Maxim
>

Re: Information about OAuth2

[Maxim Solodovnik <so...@gmail.com>]

Well,

actually google asks for the direct link
And here is the link: https://om.alteametasoft.com:8443/next/privacy i.e. I
still see no issue here

Could quote Google where it states: " they explicitly want the link to
Terms and Data Policy provided on the Login page" ?

On Thu, 16 Apr 2020 at 13:53, K. Kamhamea <ka...@googlemail.com> wrote:

> I see. I have to register with an OAuth2 provider first to get ID and
> Secret. However OAuth2 makes the legal issue even more prominent as we
> discussed elsewhere.
>
> 1) "Here is a legal issue."
> The link to the "privacy statement" is on registration form and in user
> profile
> So both registered and non-registered users can review it
> I can contact Alache legal if you believe this is the issue
>
> 1 - OAuth users will never reach the registration form.
> 2 - When asking Google for ID and Secret, they explicitly want the link to
> Terms and Data Policy provided on the Login page.
>
> I don't know about the other providers, but think it will be tha same
> story.
>
> K.
>
> Am Do., 16. Apr. 2020 um 04:12 Uhr schrieb Maxim Solodovnik <
> solomax666@gmail.com>:
>
>> It works at our demo :)
>> In addition to 'allow.oauth.register'
>> You need to go to Admin-> OAuth and set up integration with provider
>> chosen
>>
>> On Thu, 16 Apr 2020 at 03:04, K. Kamhamea <ka...@googlemail.com>
>> wrote:
>>
>>> Hello,
>>> please can someone provide information how OAuth works with OM5. If
>>> 'allow.oauth.register' in Administration > Configuration is turned true,
>>> one would expect login with Facebook or Google is allowed. Why I don't find
>>> a Facebook, Google link on the Login Dialog?
>>>
>>> K.
>>>
>>
>>
>> --
>> Best regards,
>> Maxim
>>
>

-- 
Best regards,
Maxim

Re: Information about OAuth2

["K. Kamhamea" <ka...@googlemail.com>]

I see. I have to register with an OAuth2 provider first to get ID and
Secret. However OAuth2 makes the legal issue even more prominent as we
discussed elsewhere.

1) "Here is a legal issue."
The link to the "privacy statement" is on registration form and in user
profile
So both registered and non-registered users can review it
I can contact Alache legal if you believe this is the issue

1 - OAuth users will never reach the registration form.
2 - When asking Google for ID and Secret, they explicitly want the link to
Terms and Data Policy provided on the Login page.

I don't know about the other providers, but think it will be tha same story.

K.

Am Do., 16. Apr. 2020 um 04:12 Uhr schrieb Maxim Solodovnik <
solomax666@gmail.com>:

> It works at our demo :)
> In addition to 'allow.oauth.register'
> You need to go to Admin-> OAuth and set up integration with provider chosen
>
> On Thu, 16 Apr 2020 at 03:04, K. Kamhamea <ka...@googlemail.com> wrote:
>
>> Hello,
>> please can someone provide information how OAuth works with OM5. If
>> 'allow.oauth.register' in Administration > Configuration is turned true,
>> one would expect login with Facebook or Google is allowed. Why I don't find
>> a Facebook, Google link on the Login Dialog?
>>
>> K.
>>
>
>
> --
> Best regards,
> Maxim
>

Re: Information about OAuth2

[Maxim Solodovnik <so...@gmail.com>]

It works at our demo :)
In addition to 'allow.oauth.register'
You need to go to Admin-> OAuth and set up integration with provider chosen

On Thu, 16 Apr 2020 at 03:04, K. Kamhamea <ka...@googlemail.com> wrote:

> Hello,
> please can someone provide information how OAuth works with OM5. If
> 'allow.oauth.register' in Administration > Configuration is turned true,
> one would expect login with Facebook or Google is allowed. Why I don't find
> a Facebook, Google link on the Login Dialog?
>
> K.
>


-- 
Best regards,
Maxim