JudgeApps OpenID Connect Support (third-party authentication provider)

March 30, 2018 09:14:48 PM

Dan Collins
Forum Moderator
Judge (Level 5 (Judge Foundry)), Scorekeeper

USA - Northeast

Hello,

We have recently deployed an update to JudgeApps that allows it to function as an OpenID Connect Provider. This is a protocol that allows JudgeApps users to log in to other supported websites without entering a separate username and password. We’ve been testing it with some sites you may already be used to using at events, and now we’d like to tell you about it.

OpenID Connect
OpenID Connect will allow users of JudgeApps to log in to other Judge-related websites without making their own user account on those sites. Instead, the site sends the user to JudgeApps, the user “authorizes” the app, and JudgeApps reports back to the other site that the user successfully logged in. The third party is also able to use other information from JudgeApps, like the user’s level, or the list of events they are on staff for. For example, an app meant to be used at events may only be accessible to people on staff for that event.

This comes with a few main advantages. First, users don’t need to register accounts and remember passwords for many different sites - they just get a JudgeApps screen asking them to “authorize” your app. Second, it’s easier for other apps to handle logins: they don't have to handle user registration or profiles, and they don't need to worry about securely handling user passwords. Finally, it can give apps more information from JudgeApps: when a user logs in using this system, JudgeApps can pass information about their account. This can include profile information, as well as up-to-date information about their region, level, roles, and what events they are accepted to.

A Note About Privacy
We’d like to make it clear that nothing about this feature grants any third party any form of direct access to the JudgeApps database. The only information they receive from JudgeApps is the information that the user authorizes, and the user will see a “consent” page from JudgeApps for each app before any information about their user account is shared. As part of that page, the user will see a list of information that the third party has requested, and can choose to either continue the login, or decline permission to share that information. Additionally, the third party doesn’t see anyone’s password, and isn’t able to log in to anyone’s JudgeApps account.

You aren’t required to use this feature in order to use JudgeApps; however, declining to use it may delay or limit your access to other sites that rely on JudgeApps authentication. As part of this feature, with your permission, we share information with other sites that you use. Obviously, JudgeApps does not control and is not responsible for the content or behavior of external sites you choose to access, and you should only choose to share information with sites you are comfortable entrusting with that information.

For Developers
We’ve already had several developers successfully test this with their own sites. There are implementations of OIDC in most common web languages. At the moment, you can request five sets of information from JudgeApps: User Profile, Email Address, Location, DCI information, and Events. We're open to adding more categories of information, or arranging the information differently, if you would find it beneficial.

I'm happy to answer more questions about this beta test, or register you as a “client” for testing purposes. Please send me an email through JudgeApps with some information about your application, and we’ll get started. I will need some information from you (authorized Redirect URLs for your site, and the OpenID Connect “authorization flow” you wish to use) in order to set up your ability to test this feature.


Dan Collins

Edited Dan Collins (March 30, 2018 09:15:17 PM)
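
The client-side half of the login flow described in the post, as an added example that is not part of the original post and is not JudgeApps code: a site builds the authorization request, then validates the redirect back, including the case where the user declines on the consent page. The endpoint, client ID, redirect URL and the standard OIDC scope names used here are placeholders and assumptions; the post does not give JudgeApps' actual values.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumptions): the post gives no endpoint, client ID or scope names.
AUTHORIZATION_ENDPOINT = "https://provider.example.invalid/authorize"
CLIENT_ID = "example-client-id"
# Must be one of the Redirect URLs registered with the provider.
REDIRECT_URI = "https://app.example.invalid/oidc/callback"


def build_authorization_request(session, scopes=("openid", "profile", "email")):
    """Return the URL to send the user to; store state and nonce in the session."""
    session["oidc_state"] = secrets.token_urlsafe(32)  # binds the callback to this browser
    session["oidc_nonce"] = secrets.token_urlsafe(32)  # compared later with the ID token's nonce
    query = urlencode({
        "response_type": "code",  # authorization code flow
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}"


def handle_callback(session, callback_url):
    """Validate the redirect back from the provider; return (status, value)."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    expected = session.pop("oidc_state", None)  # single use: a replayed callback fails
    returned = params.get("state", "")
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        return ("rejected", "state mismatch")
    if "error" in params:
        # access_denied is what OAuth 2.0 returns when the user declines consent.
        status = "declined" if params["error"] == "access_denied" else "error"
        return (status, params["error"])
    if "code" not in params:
        return ("rejected", "missing code")
    # Next step (not shown): exchange the code at the token endpoint, validate the ID token.
    return ("ok", params["code"])
```

The state check runs before anything else in the callback is trusted, so a forged or replayed redirect is dropped without reaching the token exchange.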