Updating the Security Module to Support Google Login

Updating the Security Module to Support Google Login

With the replacement of the NCP protocol with the ARPANET TCP/IP protocol, the internet gained space to evolve constantly. As more people joined the internet, things needed to happen faster, making the evolution process almost exponential: the faster a service was, the faster we wanted it to be. Nowadays, such speed can often be translated into to eliminate monotonous steps.

With the new Google account login feature in the security module, it is possible to take advantage of all the security layers of the Google ecosystem while maintaining a high level of agility. In this article, we will learn how to update the security module to have this powerful feature in our system.

Info
Be aware that you will need the "ClientID" and "Secret" credentials from the Google Identity Service library pre-configured to use this feature. If you have questions or do not know how to create and configure the library, read the tutorial on how to set up the Google Identity Service!
Info
If you are using the old security module, you will need to migrate to the new one. If you have any doubts or are unsure how to migrate, read the module migration tutorial!
Warning
Always make a security backup before any changes!

If I did not use the social network option

If your security module does not use the social login option, you will need to prepare it to receive this new function. For this, we will create a new table in the database called "sec_users_social":

Notes
If your security module already uses the social network option with Twitter and/or Facebook, skip to the next section.
Warning
The Database Builder is not available for all DBMSs. The same changes can be made using any tool that allows database management, such as DBeaver.

1. Access the Database Builder in "Database → Database Builder":

2. Look for the "SQL Command" option:


3. Execute the "CREATE TABLE" SQL command with the fields "login", "resource" and "resource_id":

Alert
Note that the fields are of type VARCHAR(255) because we are using MySQL as an example. You need to select the corresponding type according to your DBMS.

  1. CREATE TABLE `sec_users_social` ( `login` VARCHAR(255) NOT NULL, `resource` VARCHAR(255) NOT NULL, `resource_id` VARCHAR(255) NOT NULL, PRIMARY KEY (`login`, `resource`, `resource_id`) );



Updating the module with the new option

With everything properly configured, just update the security module:


1. Access "Modules → Security":

2. Click on "Create Security Module"":


3. Select the type of security to be used: 
Notes
The option is only available for the types "Group", "Application", and "User".

4. Select the connection that has your security module tables, choose "Use existing tables", and check "Use social networks":


5. Click the reload button “↻” so Scriptcase can see the table changes and click “Next”:


6. Associate the fields with the corresponding columns and click “Proceed”:

USER

  • Table → sec_users
  • Login → login
  • Password → pswd
  • Name → name
  • Phone → phone
  • Position → role
  • E-mail → email
  • Active → active
  • Activation code → activation_code
  • Administrator privilege → priv_admin
  • Two-Factor authentication (2FA) → mfa
  • Picture → picture
  • Last password change → pswd_last_updated
  • Revalidation time → mfa_last_updated

GROUP:

  • Table → sec_groups
  • ID → group_id
  • Description → description


APPLICATION:

  • Table → sec_apps
  • Application Name → app_name
  • Description → description
  • Type of Application → app_type


USER/GROUP:

  • Table → sec_users_groups
  • Login → login
  • Group Code → group_id


GROUP/APPLICATION:

  • Table → sec_groups_apps
  • Group Code → group_id
  • Application Name → app_name
  • Access Privilege → priv_access
  • Insert Privilege → priv_insert
  • Delete Privilege → priv_delete
  • Update Privilege → priv_update
  • Export Privilege → priv_export
  • Print Privilege → priv_print


SOCIAL NETWORKS:
  • Table → sec_users_social
  • Login → login
  • Social network type → resource
  • Social network ID → resource_id


SETTINGS:

  • Table → sec_settings
  • Name → set_name
  • Value → set_value

7. In "General", choose the prefix for the applications of the new module:


8. Fill in the "E-mail Settings" tab:


9. In "Social Network", select "Google" and fill in the "ClientID" and "Secret" fields. After that, click on "Generate security":


10. The "Save Profile" tab is optional — you can read more about it in the documentation of the new security module. Click on "OK":

Configuring in the production environment

When publishing the project, it is possible that the Google login option may not be working correctly. This happens because it is necessary to configure "ClientID" and "Secret" in the production environment as well. To do this, we need to prepare the production environment's database and then insert the variables in the security module settings tab:

1. Execute the SQL command "CREATE TABLE" in the production database:
Notes
If you were already using the social login option with Twitter and/or Facebook in production, there is no need to execute the CREATE TABLE command.
Alert
Note that the fields are of type VARCHAR(255), as we are using MySQL for the example. You should select the corresponding type based on your DBMS.
  1. CREATE TABLE `sec_users_social` (
  2.   `login` VARCHAR(255) NOT NULL,
  3.   `resource` VARCHAR(255) NOT NULL,
  4.   `resource_id` VARCHAR(255) NOT NULL,
  5.   PRIMARY KEY (`login`, `resource`, `resource_id`)
  6. );

2. Execute the SQL "INSERT" command into the sec_settings table in the production database:
  1. INSERT INTO sec_settings(set_name, set_value) VALUES ('auth_sn_position''below');
  2. INSERT INTO sec_settings(set_name, set_value) VALUES ('auth_sn_fb''N');
  3. INSERT INTO sec_settings(set_name, set_value)  VALUES ('auth_sn_fb_app_id''');
  4. INSERT INTO sec_settings(set_name, set_value) VALUES ('auth_sn_fb_secret''');
  5. INSERT INTO sec_settings(set_name, set_value) VALUES ('auth_sn_x''N');
  6. INSERT INTO sec_settings(set_name, set_value)  VALUES ('auth_sn_x_key''');
  7. INSERT INTO sec_settings(set_name, set_value)  VALUES ('auth_sn_x_secret''');
  8. INSERT INTO sec_settings(set_name, set_value)  VALUES ('auth_sn_google''N');
  9. INSERT INTO sec_settings(set_name, set_value)  VALUES ('auth_sn_google_client_id''');
  10. INSERT INTO sec_settings(set_name, set_value) VALUES ('auth_sn_google_secret''');

3. In the security module menu, access the app_settings application:
Info
By default, it is linked to the shortcut named "Settings"


4. Go to the "Authentication via Social Networks" tab and fill in the "Client ID" and "Secret" fields:


5. Click "Ok" to save the changes.

Conclusion

In this article, we learned about Google Authentication and how to implement it in the Scriptcase security module.

For questions related to the security module, access the official security module documentation.
For questions related to the social network option, access the official option documentation.

Best regards, see you soon!


    • Related Articles

    • Security Module Two-Factor Authentication - Google Authenticator

      Google Authenticator generates 2-step verification codes on your smartphone. Two-Step Verification provides greater security for your account as it requires a second verification step at login. In addition to the password, you will need a code ...
    • Updating the Security Module to Support the New LDAP

      LDAP is a widely used protocol for user management and authentication in corporate networks. It allows applications to connect to a centralized directory with Active Directory to validate credentials and obtain user information. In version 9.12, ...
    • Update of the security module synchronization application

      In order to improve security in our projects, we made several changes to the application files. One of these changes affected a crucial file that tells applications how to sync. To ensure that the synchronization continues to work correctly, we made ...
    • Enabling the Google Identity Service Library

      To use the login functionality with Google Authentication in Scriptcase, it is necessary to have the Google Identity Service previously configured and the "ClientID" and "Secret" keys available for use. In this article, we will learn how to configure ...
    • Security module password recovery error

      To fix the error during the security module password recovery process, you need to follow the steps below: Only available when using the option to email the change new password link. 1- Access the application app_change_pswd By default, when ...