With the replacement of the NCP protocol with the ARPANET TCP/IP protocol, the internet gained space to evolve constantly. As more people joined the internet, things needed to happen faster, making the evolution process almost exponential: the faster a service was, the faster we wanted it to be. Nowadays, such speed can often be translated into what I call "centralize and automate": centralize services in a system and make them easy to access, eliminating monotonous steps.
With the new Google account login feature in the security module, it is possible to take advantage of all the security layers of the Google ecosystem while maintaining a high level of agility, resulting in an extremely satisfying user experience.
In this article, we will learn how to update the security module to have this powerful feature in our system.
Info: Be aware that you will need the "ClientID" and "Secret" credentials from the Google Identity Service library pre-configured to use this feature. If you have questions or do not know how to create and configure the library, read the tutorial on how to set up the Google Identity Service!
If I did not use the social network option
If your security module does not use the social login option, you will need to prepare it to receive this new function. For this, we will create a new table in the database called "sec_users_social":
Notes: If your security module already uses the social network option with Twitter and/or Facebook, skip to the next section.
Warning: The Database Builder is not available for all DBMSs. The same changes can be made using any tool that allows database management, such as DBeaver.
1. Access the Database Builder in "Database → Database Builder":
2. Look for the "SQL Command" option:
3. Execute the "CREATE TABLE" SQL command with the fields "login", "resource" and "resource_id":
Alert: Note that the fields are of type VARCHAR(255) because we are using MySQL as an example. You need to select the corresponding type according to your DBMS.
CREATE TABLE `sec_users_social` (
`login` VARCHAR(255) NOT NULL,
`resource` VARCHAR(255) NOT NULL,
`resource_id` VARCHAR(255) NOT NULL,
PRIMARY KEY (`login`, `resource`, `resource_id`)
);
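The composite primary key above rejects only an exact repeat of a (login, resource, resource_id) row; it does not stop one Google ID from being linked to several logins. The Python sketch below is an added example, not part of the original article or of Scriptcase: it loads the article's DDL into an in-memory SQLite database (an assumption, standing in for MySQL), inserts constructed rows, and runs an audit query for provider identities shared across logins.

```python
import sqlite3

# DDL copied from the article; SQLite (a stand-in for MySQL) accepts it as is.
DDL = """CREATE TABLE `sec_users_social` (
  `login` VARCHAR(255) NOT NULL,
  `resource` VARCHAR(255) NOT NULL,
  `resource_id` VARCHAR(255) NOT NULL,
  PRIMARY KEY (`login`, `resource`, `resource_id`)
)"""

# Constructed sample rows: logins and provider IDs are made up.
SAMPLE_LINKS = [
    ("alice", "google", "100000000000000000001"),
    ("bob", "google", "100000000000000000002"),
    ("carol", "google", "100000000000000000001"),  # same Google ID as alice
    ("alice", "facebook", "900001"),
]

# Audit: provider identities attached to more than one local login.
AUDIT_SQL = """SELECT resource, resource_id, GROUP_CONCAT(login)
FROM sec_users_social
GROUP BY resource, resource_id
HAVING COUNT(DISTINCT login) > 1"""


def build_db(links):
    conn = sqlite3.connect(":memory:")
    conn.execute(DDL)
    conn.executemany("INSERT INTO sec_users_social VALUES (?, ?, ?)", links)
    return conn


def exact_duplicate_rejected(conn, link):
    # The three-column primary key only refuses a row that already exists.
    try:
        conn.execute("INSERT INTO sec_users_social VALUES (?, ?, ?)", link)
    except sqlite3.IntegrityError:
        return True
    return False


def shared_identities(conn):
    # Map (resource, resource_id) -> sorted logins for every shared identity.
    rows = conn.execute(AUDIT_SQL).fetchall()
    return {(res, rid): sorted(logins.split(",")) for res, rid, logins in rows}


if __name__ == "__main__":
    db = build_db(SAMPLE_LINKS)
    print("exact duplicate rejected:", exact_duplicate_rejected(db, SAMPLE_LINKS[0]))
    print("shared identities:", shared_identities(db))
```

The query in AUDIT_SQL also runs on MySQL as written. Whether a shared identity is acceptable depends on how your module resolves a social login, so review each hit before changing any rows.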
Updating the module with the new option
With everything properly configured, just update the security module:
1. Access "Modules → Security":
2. Click on "Create Security Module":
3. Select the type of security to be used:
Notes: The option is only available for the types "Group", "Application", and "User".
4. Select the connection that has your security module tables, choose "Use existing tables", and check "Use social networks":
5. Click the reload button “↻” so Scriptcase can see the table changes and click “Next”:
6. Associate the fields with the corresponding columns and click “Proceed”:
USER:
- Table → sec_users
- Login → login
- Password → pswd
- Name → name
- Phone → phone
- Position → role
- E-mail → email
- Active → active
- Activation code → activation_code
- Administrator privilege → priv_admin
- Two-Factor authentication (2FA) → mfa
- Picture → picture
- Last password change → pswd_last_updated
- Revalidation time → mfa_last_updated
GROUP:
- Table → sec_groups
- ID → group_id
- Description → description
APPLICATION:
- Table → sec_apps
- Application Name → app_name
- Description → description
- Type of Application → app_type
USER/GROUP:
- Table → sec_users_groups
- Login → login
- Group Code → group_id
GROUP/APPLICATION:
- Table → sec_groups_apps
- Group Code → group_id
- Application Name → app_name
- Access Privilege → priv_access
- Insert Privilege → priv_insert
- Delete Privilege → priv_delete
- Update Privilege → priv_update
- Export Privilege → priv_export
- Print Privilege → priv_print
SOCIAL NETWORKS:
- Table → sec_users_social
- Login → login
- Social network type → resource
- Social network ID → resource_id
SETTINGS:
- Table → sec_settings
- Name → set_name
- Value → set_value
Configuring in the production environment
When publishing the project, the Google login option may not work correctly yet. This happens because you need to configure the "ClientID" and "Secret" also in the production environment. To do this, just follow the steps below:
1. In the security module menu, access the app_settings application:
Info: By default, it is linked to the shortcut named "Settings".
2. Go to the "Authentication via Social Networks" tab and fill in the "Client ID" and "Secret" fields:
3. Click "Ok" to save the changes.
Conclusion
In this article, we learned about Google Authentication and how to implement it in the Scriptcase security module.
Best regards, see you soon!