Login User without Password

[thomas]

Hello,

I want to build a site where people can *only* login with Google and/or Facebook (no registration possible). When someone connects with G+|FB I'd like to check if the ID is present in my Userlist and if not, create a new user with all the data I can get.

Now I'm asking myself (and you) how I can log the user into PW, since I won't have a password and the username they got on FB|G+ might even change. I need to find those accounts by the FB|G+ ID. I thought either to create a new user with username/pass = G+|FB-ID and a field stating if it's G+ or FB. The other way would be to have a way to select and login a user via a unique ID field, but i can't find something like a "loginByCondition" method in PW.

So I guess my questions are:

-is there a way to login users other than user/pass?

- which way would you suggest to build a system like that? My problem with the "user and pass == G+|FB-ID"-approach is that it smells like dirty hack and I couldn't, for instance, connect my own admin account with FB or G+ to make it work in front- and backend.

Any help and thoughts are appreciated!

Thanks,

thomas

[SiNNuT]

I'm assuming this is for use on the 'front-end' part of your site?

Facebook, Twitter and G+ all have ways to use their auth system. They are Oauth based.

See:

https://developers.facebook.com/docs/guides/web/#login

https://dev.twitter.com/docs/auth/sign-twitter

https://developers.google.com/+/api/oauth and http://www.9lessons.info/2011/10/login-with-google-plus-oauth.html

I guess you would build from that.

What kind of functionality do you want to offer users who login with FB, G+, Twitter, Yahoo id etc. ?

[thomas]

Cheers SiNNuT,

I've got the OAuth part figured out. Especially the 9lessons page helped. Now I try to find a way to connect it to PW users. Right now I tend to - set a username (generated by displayname on G+ or FB) and the ID as password. Then if someone returns to the site, look for the username to the G+ Id in the DB and log him in with that ...

Sorry for the messy posts, it's hard to switch between PHP and English ...

thomas

[apeisa]

You still want to create a local user account for each user. You can do this behind the scenes. I think each of those services offers a unique identifier for each of their accounts, so you want to save that data into your local accounts. When someones logins through 3rd party service you check if he has already logged in (you have user account with it's google/fb identifier saved on) and just log it in. If not, then you proceed to create a new account (either behind the scenes or something like "Choose your username", up to you of course).

Password is by no means "required" - you can just generate some unique 1-time hash and set it as a password and then login by using it.

[ryan]

If you don't need to have the user maintain any specific profile data or password, etc., then you can also just create one user and use it to represent all your social service logins. Or you could create one per service (facebook, g+, etc.). This only works if the user can't change anything on their PW account. It's basically the same thing that PW is already doing with the 'guest' user and role, assigning that user to anyone not already logged in.

[Pete]

As for actually checking against and creating an account, you could adapt something like this (note this won't work out of the box, it's just copied and pasted from something on one of my sites):

public function checkUser($forumUser) { // forumUser should be an array of: array('uid' => [integer], 'name' => [string])
  $u = wire('pages')->get("template=user, user_member_id={$forumUser['uid']}, include=all");
  if (!$u->name) {
  $u = new User();
     $u->name = $forumUser['name'];
     $u->user_name = $forumUser['name'];
     $u->user_member_id = $forumUser['uid'];
     $u->addRole("guest");
     $u->save();
  }
  return $u;
}

You could adapt the above to check for a user with a certain name and whatever unique identifier the social networking login methods give you.

I'd personally store that identifier in a field in the users template along with a field to store which social network it was - that way you don't run into issues with people from multiple networks having the same username and not being logged in.

As usual, there's lots to consider but hopefully that's a start.

[thomas]

Cheers Pete, that pretty much what I'm going for now. I use the ID from the network as unique identifier and password and generate a username that I query from the DB as soon as someone returns. It works great with Google already, now I need to squeeze Facebook in there as well.

Ryan, thanks for tips! It's amazing how many ways there are in PW to achieve a task. I need individual accounts though, since I need to give at least two different roles to people and I want them to be able to update their profile.

Thanks guys!

thomas

[Frank Vèssia]

a little improvement to the Pete code..i hope :

public function checkUser($forumUser) { // forumUser should be an array of: array('uid' => [integer], 'name' => [string])
$u = wire('users')->get("user_member_id={$forumUser['uid']}, include=all");
if ($u instanceof nullPage) {
	 $u = new User();
	 $u->name = $forumUser['name'];
	 $u->user_name = $forumUser['name'];
	 $u->user_member_id = $forumUser['uid'];
	 $u->addRole("guest");
	 $u->save();
}
return $u;
}

Also check this for a well done social implementation class...

http://opauth.org/

[Pete]

Thanks - I've not really used instanceof before but I remember reading about it somewhere else on the forums and I'm never quite sure of the best way to check for a non-existent page so it's handy to know that (and I'll make a note of it this time ).

[apeisa]

I always check for $page->id. Short and clear in my opinion.

[ryan]

if ($u instanceof nullPage) {

I think that letter case for "n" might possibly cause this if statement to fail. It would have to be "NullPage" not "nullPage". But I agree with Antti that checking $page->id instead is probably easier and less prone to typos, etc.

[quickjeff]

Hi guys, I have been reading through the forum posts and see that this thread relates to what I need to build. I am basically building an internal site for a company.  They are going to be adding an LMS.  Essentially they want SSO single sign-on.  I mentioned that the LMS they should have OAuth, any other suggestions or guidance?  I can see that the Facebook Module is very nice and a quick fix but this will basically require me to build a module that works in the same fashion. Only difference, Facebook developers portal pretty much makes it easier.