Make Your Odoo A OAuth-2 Provider

Login as EKIKA (Your Odoo System)

Are you Odoo Admin?

Tip: Mange One Account for Several Odoo Systems.


  • Use Odoo as your oAuth2 provider.
  • Just similar to "Login in as Google".


Buy Now

Buy App

Click Buy Now Button Above.

OR

Contact Us to Setup it on your environment.

Install It

Put Module in Addons Path. Install dependency "oauthlib==3.2.2". Restart Odoo Service.

Register Client Application

Go to OAuth 2 Menu and Create a Client App.

Setup Client

Go to another system and Make OAuth Provider in it.

Settings >> User & Companies >> OAuth Providers

Login with Your Odoo in Any Application

Following is OAuth Provider Setup & Configuration.

Provider System and Client System Configuration
Left: Auth2 Provider System where you are expected to install our module "ekika_oauth2_provider" OAuth2 Provider.
Right: A Resource System which will consume auth of provider system Left side here to allow user to access their resources.

Step by Step OAuth Provider Guide for Odoo

How it Works? 

OAuth 2.0's Implicit Grant is a simplified OAuth flow primarily used for client-side or browser-based applications (such as JavaScript apps) where the client application can't keep its client secret confidential. It's primarily used for scenarios where the client application runs in the user's browser and can't securely store sensitive information.

In the Implicit Grant flow, after the user authenticates with the authorization server (typically through a login screen), the authorization server immediately redirects the user back to the client application with an access token included in the URL fragment (part after the # sign). Unlike other OAuth flows, there is no token exchange step in the Implicit Grant flow.

Here's a basic overview of how "OAuth Provider" module works with social login on another system:

Let's consider that user is on intended system where he or she want to access resources.
  • User initiates login: The user clicks on a social login button within the Resource Application (i.e. easyapi.ekika.app as an example), such as "Login with Google" or "Login with Facebook" and here "Login with EKIKA".
  • Redirect to Authorization Provider Server: The resource application redirects the user to the appropriate authorization server (e.g., Google, Facebook, here in this example oauth-provider.ekika.app) with the necessary parameters for initiating the OAuth flow.
  • User Authenticates: The user enters their credentials on the authorization server's login screen and grants permission for Resource System to access their account data.
  • Authorization Provider Server redirects back to Resource System: After authentication and authorization, the authorization provider server redirects the user's browser back to resource system along with an access token included in the URL fragment.
  • Resource System Extracts Access Token: Resource System extracts the access token from the URL fragment and uses it to make system working as per your desired plan on resource system.
  • User Accesses Resource System: The user is now logged in to Resource System and can access the application using their Odoo's (Authorization Provider Server) login credentials.

It's worth noting that while the Implicit Grant flow is simpler to implement, it has some security implications. Since the access token is transmitted directly to the client application (in the URL fragment), it could potentially be exposed to unauthorized parties if not handled properly. Additionally, there's no refresh token in this flow, meaning the access token cannot be refreshed without user interaction, potentially leading to shorter-lived sessions.

dans Voyager