[RFC|Replaced] Auth Plugin Refactoring & User Integration

[naderman]

Motivation
While authentication plugins have turned out to be very useful, their implementation imposes a number of unecessary limitations. It is impossible to use multiple mechanisms at the same time, to allow for example both OpenID and regular registration to be available. The plugins cannot change any of the user interface making it impossible to modify the login mask to reflect different input requirements, for example those of OpenID. It is difficult to integrate the profile data with other systems, this includes settings like username and passwords.

Proposal
Refactor the authentication plugins into an object oriented interface. Allow for multiple authentication plugins to be selected simultaneously and enable them to change the user interface. Profile changes to both account settings and profile data should either be preventable by such plugins or cause notification of the respective plugin so the data can also be changed in its own database.

Tracker Ticket
http://tracker.phpbb.com/browse/PHPBB3-9734

[nall]

For those of us who maintain user-centric extensions/mods:

What kind of DB or code-level changes are we looking at to support this? Are we expecting users to still be identified solely by user ID numbers, or will there be something more complex?


P.S. I work with several large boards, some phpBB, some not -- this is the biggest feature we've been waiting for, so we're very excited to see this in action.

[nall]

Anyone?

What kind of auth plugins can we expect on day one? Facebook Connect?

[DavidIQ]

What kind of DB or code-level changes are we looking at to support this? Are we expecting users to still be identified solely by user ID numbers, or will there be something more complex?

Not sure there's going to be a ton of db level changes but there will be code-level changes. These changes, however, will be negligible as this should all be a matter of dropping in your plugin, enabling it, and you're done.

As far as using user IDs I'm sure this will still be needed though I'm interested in knowing what other "more complex" identification could be used.

[nall]

What kind of DB or code-level changes are we looking at to support this? Are we expecting users to still be identified solely by user ID numbers, or will there be something more complex?

Not sure there's going to be a ton of db level changes but there will be code-level changes. These changes, however, will be negligible as this should all be a matter of dropping in your plugin, enabling it, and you're done.

As far as using user IDs I'm sure this will still be needed though I'm interested in knowing what other "more complex" identification could be used.

Potentially you could use pairs that identify the service provider and the user id, e.g.: (phpbb, 12345) (openid, user@host). However, assuming we're keeping user ids as-is, I assume a few more columns will be required in the users table.

I'm new to area51, so maybe there's already been some work done in this regard and I'm not aware of where to see it.

[naderman]

I'm new to area51, so maybe there's already been some work done in this regard and I'm not aware of where to see it.

Nope, but I'm about to start working on it.

[nall]

Nope, but I'm about to start working on it.

Will you be posting commit links?

Also, will there any other auth modules offered at launch? Several forums I work with want to offer "Facebook Connect" in addition to standard login.

[therealplato]

I registered this account to say 'this is a great idea!'
I'm starting to develop a site and I'm looking for a SSI solution for a forum, a wiki, and a CMS. I'm a novice at all of this but it looks to me like OpenID would be really nice to use with those tools.

[cleatusmcfarlan]

i'm not sure of the scope of what y'all are planning to do with this refactoring but if y'all could make it much easier for gpl'd cms' such as cms made simple's user authentication systems/modules to interoperate that would be extremely appreciated. it would be most desirable to have the possibility of using either system the site admin chooses on the front end and have user registration, login/out, groups, and group permissions(where possible) all synced on the backend using whichever system invisibly.
there used to be a user tag for cmsms that purportedly allowed some of this functionality but that was for old(2006) versions of cmsms and phpbb. And new users(like me) ever since have been confusedly clamoring for this not so simple functionality. If it's already fairly easy through hooks y'all have already implemented than forgive my ignorance as i have not seen this documentation yet and might not be able to use it if i did.

[Verline]

I registered this account to say 'this is a great idea!'
I'm starting to develop a site and I'm looking for a SSI solution for a forum, a wiki, and a CMS. I'm a novice at all of this but it looks to me like OpenID would be really nice to use with those tools.

I concur! Excellent Idea!