[RFC] Auth Plugin Refactoring & User Integration

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
Renji
Registered User
Posts: 5
Joined: Wed Sep 26, 2012 6:19 pm

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by Renji »

Agree mate, Even I need this. Sorry for bumping old topic.

grahamperrin
Registered User
Posts: 2
Joined: Sun Oct 28, 2012 10:48 am

third party authentication *only* for registration (option)

Post by grahamperrin »

Hardolaf wrote:
  • Admin Control Panel
    1. 3rd Party Services
      1. Choose which services to allow.
      2. … 
Not only third party.

I'd like an admin control panel to also – optionally – disallow the traditional e-mail-based approach to registration for end users. In other words, an option:
  • third party authentication only for user registration.
[/list][/list]

Post-registration, as fallback:
Hardolaf wrote:I was thinking of requiring a password for all users in case they lose access to their third party login service. This password could be used for admin reauthentication.
+1

Postscript: I just found [RFC] Registration & Login Overhaul (2011-05-17) … if some of my original post is covered elsewhere, apologies.

User avatar
mykkal
Registered User
Posts: 8
Joined: Sun Mar 24, 2013 4:15 am
Location: Atlanta, GA
Contact:

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by mykkal »

is this implemented now & available?
I love technology to the point my home runs on Windows.
Favorite sites I've built. http://MyModelTalk.com http://Rashaentertainment.com

User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by imkingdavid »

Not yet. I'm not sure of the status of the patch.
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

seanieb
Registered User
Posts: 2
Joined: Fri Feb 06, 2009 11:07 pm

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by seanieb »

My forums is in competition with several Facebook groups (which is sad, historical threads/conversations are almost inaccessible and undiscoverable). Removing the friction of registration from my forum would greatly increase the chances that some of these users will reply to a thread started on the forum.

I'd love if this auth system could be adopted into the main branch/code base.

aleha
Registered User
Posts: 143
Joined: Tue Mar 26, 2013 2:19 am

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by aleha »

From what I read in the A1 release hightlighs here, isn't this merged? I can see the options in the ACP/Authentication and the code in "phpbb/auth/provider/oauth".

1) Long story short, I created a test board, registered with bit.ly, got a Key (client id) and Secret (client secret), changed the authentication method to OAuth in ACP but nothing happens.

Btw in my bit.ly app I have used the same url for both
  • App Link / Welcome page URL
  • Redirect URIs
which is: http://myhostname/phpBB3/

So this isn't fully merged?

2) In ACP there is a dropdown for authentication method allow to select one method.
What if I want by board to support both Db and OAuth simultaneously?

edit: Damn, those highlights deceived me. If this was fully merged then probably it would be on another category :D
My second question still stands though.

User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by imkingdavid »

Yes it is fully merged. There is still missing documentation and the interface can use some work, but this is still alpha-quality software and changes will likely be made closer to the full release.

As for the second question, DB is a fallback when OAuth is selected. In fact, when you attempt to register with an Oauth provider, you still have to create a user in the database. You are then able to login with your username and password or via the oauth provider(s) you have set up and linked to the account.
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

aleha
Registered User
Posts: 143
Joined: Tue Mar 26, 2013 2:19 am

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by aleha »

Thanks for the answers. Since there isn't much to do, I'll wait for the docs.

Hardolaf
Google Summer of Code Student
Posts: 17
Joined: Sat Mar 31, 2012 10:43 pm

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by Hardolaf »

Hopefully, I should get around to finishing the registration process. Currently, to log in or register you need to do it through the log in page. I finished what was merged shortly before midterms started and I haven't had much time to work on this since. But please, give us feedback so that we can make it better. Also, documentation is forth coming.

aleha
Registered User
Posts: 143
Joined: Tue Mar 26, 2013 2:19 am

Re: [RFC] Auth Plugin Refactoring & User Integration

Post by aleha »

Yes you are correct. A bit.ly button appears in the log in page.
I had to correct the redirect URIs in the bit.ly web app for this to work: and I got the following message from phpBB:
You have attempted to login with an external service that is not yet connected to an account on this board. You must now either link this account to an existing account or create a new account.
Bit.ly allows sign-in with a bit.ly account, facebook or twitter so that's kinda an indirect twitter support I guess.

PS: I haven't tested google and fb oauth yet.

Post Reply