[RFC|Replaced] Auth Plugin Refactoring & User Integration

These RFCs were either rejected or have been replaced by an alternative proposal. They will not be included in phpBB.
User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

[RFC|Replaced] Auth Plugin Refactoring & User Integration

Post by naderman »

Motivation
While authentication plugins have turned out to be very useful, their implementation imposes a number of unecessary limitations. It is impossible to use multiple mechanisms at the same time, to allow for example both OpenID and regular registration to be available. The plugins cannot change any of the user interface making it impossible to modify the login mask to reflect different input requirements, for example those of OpenID. It is difficult to integrate the profile data with other systems, this includes settings like username and passwords.

Proposal
Refactor the authentication plugins into an object oriented interface. Allow for multiple authentication plugins to be selected simultaneously and enable them to change the user interface. Profile changes to both account settings and profile data should either be preventable by such plugins or cause notification of the respective plugin so the data can also be changed in its own database.

Tracker Ticket
http://tracker.phpbb.com/browse/PHPBB3-9734

nall
Registered User
Posts: 6
Joined: Fri Oct 22, 2010 10:35 am

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by nall »

For those of us who maintain user-centric extensions/mods:

What kind of DB or code-level changes are we looking at to support this? Are we expecting users to still be identified solely by user ID numbers, or will there be something more complex?


P.S. I work with several large boards, some phpBB, some not -- this is the biggest feature we've been waiting for, so we're very excited to see this in action.

nall
Registered User
Posts: 6
Joined: Fri Oct 22, 2010 10:35 am

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by nall »

Anyone?

What kind of auth plugins can we expect on day one? Facebook Connect?

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1904
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by DavidIQ »

nall wrote:What kind of DB or code-level changes are we looking at to support this? Are we expecting users to still be identified solely by user ID numbers, or will there be something more complex?
Not sure there's going to be a ton of db level changes but there will be code-level changes. These changes, however, will be negligible as this should all be a matter of dropping in your plugin, enabling it, and you're done.

As far as using user IDs I'm sure this will still be needed though I'm interested in knowing what other "more complex" identification could be used.
Image

nall
Registered User
Posts: 6
Joined: Fri Oct 22, 2010 10:35 am

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by nall »

DavidIQ wrote:
nall wrote:What kind of DB or code-level changes are we looking at to support this? Are we expecting users to still be identified solely by user ID numbers, or will there be something more complex?
Not sure there's going to be a ton of db level changes but there will be code-level changes. These changes, however, will be negligible as this should all be a matter of dropping in your plugin, enabling it, and you're done.

As far as using user IDs I'm sure this will still be needed though I'm interested in knowing what other "more complex" identification could be used.
Potentially you could use pairs that identify the service provider and the user id, e.g.: (phpbb, 12345) (openid, user@host). However, assuming we're keeping user ids as-is, I assume a few more columns will be required in the users table.

I'm new to area51, so maybe there's already been some work done in this regard and I'm not aware of where to see it.

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by naderman »

nall wrote:I'm new to area51, so maybe there's already been some work done in this regard and I'm not aware of where to see it.
Nope, but I'm about to start working on it.

nall
Registered User
Posts: 6
Joined: Fri Oct 22, 2010 10:35 am

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by nall »

naderman wrote:Nope, but I'm about to start working on it.
Will you be posting commit links?

Also, will there any other auth modules offered at launch? Several forums I work with want to offer "Facebook Connect" in addition to standard login.

therealplato
Registered User
Posts: 1
Joined: Thu Feb 03, 2011 9:16 pm

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by therealplato »

I registered this account to say 'this is a great idea!'
I'm starting to develop a site and I'm looking for a SSI solution for a forum, a wiki, and a CMS. I'm a novice at all of this but it looks to me like OpenID would be really nice to use with those tools.

cleatusmcfarlan
Registered User
Posts: 2
Joined: Tue Jul 26, 2011 1:16 am

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by cleatusmcfarlan »

i'm not sure of the scope of what y'all are planning to do with this refactoring but if y'all could make it much easier for gpl'd cms' such as cms made simple's user authentication systems/modules to interoperate that would be extremely appreciated. it would be most desirable to have the possibility of using either system the site admin chooses on the front end and have user registration, login/out, groups, and group permissions(where possible) all synced on the backend using whichever system invisibly.
there used to be a user tag for cmsms that purportedly allowed some of this functionality but that was for old(2006) versions of cmsms and phpbb. And new users(like me) ever since have been confusedly clamoring for this not so simple functionality. If it's already fairly easy through hooks y'all have already implemented than forgive my ignorance as i have not seen this documentation yet and might not be able to use it if i did.

Verline
Registered User
Posts: 1
Joined: Sat Jan 14, 2012 11:23 pm

Re: [RFC|Accepted] Auth Plugin Refactoring & User Integratio

Post by Verline »

therealplato wrote:I registered this account to say 'this is a great idea!'
I'm starting to develop a site and I'm looking for a SSI solution for a forum, a wiki, and a CMS. I'm a novice at all of this but it looks to me like OpenID would be really nice to use with those tools.
I concur! Excellent Idea!

Post Reply