Recommended Posts

OAuth2Login for ProcessWire

A Module which give you ability to login an existing user using your favorite thrid-party OAuth2 provider (i.e. Facebook, GitHub, Google, LinkedIn, etc.)..
You can login from the backend to the backend directly or render a form on the frontend and redirect the user to a choosen page.
Built on top of ThePhpLeague OAuth2-Client lib.

Registration is not handled by this module but planned.

 
Howto Install

Install the module following this procedure:

 - http://modules.processwire.com/modules/oauth2-login/
 - https://github.com/flydev-fr/OAuth2Login

Next step, in order to use a provider, you need to use Composer to install each provider

ie: to install Google, open a terminal, go to your root directory of pw and type the following command-line: composer require league/oauth2-google

Tested providers/packages :

  •     Google :  league/oauth2-google
  •     Facebook: league/oauth2-facebook
  •     Github: league/oauth2-github
  •     LinkedIn: league/oauth2-linkedin


More third-party providers are available there. You should be able to add a provider by simply adding it to the JSON config file.


Howto Use It

First (and for testing purpose), you should create a new user in ProcessWire that reflect your real OAuth2 account information. The important informations are, Last Name, First Name and Email. The module will compare existing users by firstname, lastname and email; If the user match the informations, then he is logged in.

ie, if my Google fullname is John Wick, then in ProcessWire, I create a new user  Wick-John  with email  johnwick@mydomain.com

Next step, go to your favorite provider and create an app in order to get the ClientId and ClientSecret keys. Ask on the forum if you have difficulties getting there.

Once you got the keys for a provider, just paste it into the module settings and save it. One or more button should appear bellow the standard login form.

The final step is to make your JSON configuration file.

In this sample, the JSON config include all tested providers, you can of course edit it to suit your needs :

{
  "providers": {
    "google": {
      "className": "Google",
      "packageName": "league/oauth2-google",
      "helpUrl": "https://console.developers.google.com/apis/credentials"
    },
    "facebook": {
      "className": "Facebook",
      "packageName": "league/oauth2-facebook",
      "helpUrl": "https://developers.facebook.com/apps/",
      "options": {
        "graphApiVersion": "v2.10",
        "scope": "email"
      }
    },
    "github": {
      "className": "Github",
      "packageName": "league/oauth2-github",
      "helpUrl": "https://github.com/settings/developers",
      "options": {
        "scope": "user:email"
      }
    },
    "linkedin": {
      "className": "LinkedIn",
      "packageName": "league/oauth2-linkedin",
      "helpUrl": "https://www.linkedin.com/secure/developer"
    }
  }
}

 

Backend Usage

In ready.php, call the module :

if($page->template == 'admin') { 
	$oauth2mod = $modules->get('Oauth2Login'); 
	if($oauth2mod) $oauth2mod->hookBackend(); 
}

 

Frontend Usage
Small note: At this moment the render method is pretty simple. It output a InputfieldForm with InputfieldSubmit(s) into wrapped in a ul:li tag. Feedbacks and ideas welcome!

For the following example, I created a page login and a template login which contain the following code :


    <?php namespace ProcessWire;

    if(!$user->isLoggedin()) {

            $options = array(
                'buttonClass' => 'my_button_class',
                'buttonValue' => 'Login with {provider}', // {{provider}} keyword
                'prependMarkup' => '<div class="wrapper">',
                'appendMarkup' => '</div>'
            );

            $redirectUri = str_lreplace('//', '/', $config->urls->httpRoot . $page->url);

            $content = $modules->get('Oauth2Login')->config(
              array(
                  'redirect_uri' => $redirectUri,
                  'success_uri'  => $page->url
              )
          )->render($options);
    }



 

Screenshot

 

1.thumb.png.e40cc1303d4e404380c4883fc5758520.png

OAuth2Login_pres.thumb.gif.3c120bd397a082cd55c1545b16b0bd49.gif

2.png

Edited by flydev
title typo
  • Like 16

Share this post


Link to post
Share on other sites

The module got renamed and updated a bit as its not intended to run only on the backend, but work also on frontend side.

 

- Now, the administrator can choose to activate or not the backend login buttons.

- The providers are added "dynamically". You have to simply edit a JSON config file which once saved, will show the required fields in the module settings.

 

For example the following JSON config will only provide Google as login provider :

{
  "providers": {
    "google": {
      "className": "Google",
      "packageName": "league/oauth2-google",
      "helpUrl": "https://console.developers.google.com/apis/credentials"
    }
  }
}

 

Small note for pw users :

If like me you did not know, there is another module that manages OAuth2 authentication. Feel free to use the one which suit your needs! more info there:

 

 

@jmartsch you should create a new module thread :)

 

  • Like 5

Share this post


Link to post
Share on other sites

Hey Horst,

I think that in the time the lib was made, Twitter was still using OAuth 1.0A - but looking at their doc (twitter) OAuth2 is now supported (?), their doc also stipulate they still use OAuth 1.0A...

https://dev.twitter.com/oauth

I will look at more closely.

Edited by flydev
link
  • Like 3

Share this post


Link to post
Share on other sites

Some more precisions : We can be able to code an adapter for Twitter application-only, and this is the list of what we can do with :

  • Pull user timelines;
  • Access friends and followers of any account;
  • Access lists resources;
  • Search in Tweets;
  • Retrieve any user information;

So I must assume we can get at least the email and/or the firstname/lastname or a nickname.

@horst let me know if you will think to code something about that or I will give a try.

  • Like 1

Share this post


Link to post
Share on other sites

Many thanks @flydev , for digging deeper!

I'm currently out of resources to code something like this. Was just searching for an already available solution to login via twitter.

Registration should be done via PW only, where the PW username is set to the twitter username.
(Frontend)-Login then should be done via Twitter only.

So, if we would be able to retrieve the email address too, it would be more than I currently need. :)

  • Like 1

Share this post


Link to post
Share on other sites

I quite played with their API (i am talking about Twitter here), its absolutely not possible to retrieve private information with the OAuth2 protocol (still waiting a confirmation on the twittercommunity) but no big hope here. We are forced to use the OAuth 1.a protocol for those sensible datas.

So, there I come with two propositions. I can make an exception and integrate Twitter and OAuth-1.a in this module or I publish a standalone module for Twitter login.

What do you think, a suggestion ?

  • Like 2

Share this post


Link to post
Share on other sites

@flydev: Really I'm not feeling in the right position to give suggestions here. I appreciate all the work and recherche you do here, so you should decide what is lesser work or fits better for you, for what ever reason. - If, at the end, a solution is available that let people login with their twitter account, it would be really great and is much more than there is atm. :-)

  • Like 3

Share this post


Link to post
Share on other sites

Hi @flydev ! Great plugin, works mostly like a charm! ;)

I had 2 issues tough:

1. with google, matching first- and last-name and usernames does not work with our setup (special chars in names that are not reflected in the username etc). I think, this makes the plugin somewhat unflexible. Would be great to have the option configure the matching, or at least an option to only match the users mail (checkbox in the backend). I just saw the "options" "scope" settings in your github json and wonder if this is already implemented but not documented?

2. We run our new page in a subdirectory and the redirect url is wrong (this is more of a process-wire issue since its not easy to get the absolute urls from the api) this results in path being present twice in the redirect url:

Problem: urls()->root + urls()->admin = //domain.com/path/ + /path/admin/ > //domain.com/path/path/admin/

This  solution would be the following:

// inside init()
$this->backendUrl = pages()->get('path="'.str_replace(urls()->root, '', urls()->admin).'", include=all')->httpUrl;

 

Keep up the great work!

  • Like 3

Share this post


Link to post
Share on other sites

@noelboss hey, glad you like it.  Thanks for the fix ! I will merge your PR today.

 

About the issue #1, I will try to implement it the next week-end. Lacking time here.

For the Github scope option, I also need to make it more flexible. The thing is that with Github, if we don't specify the scope, we can only get a public email, and only if the user has set his email "public", which by default is set to hidden, so its impossible to use email address to identify users, and I assume that most users don't want to set their email public..

And about the issue you posted on Github, I think I have already made this modification on my local dev module. I will check that at the same time as the "firstname/lastname" order issue.

  • Thanks 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By CarloC
      I'm using the LoginRegister module and I'm getting an internal server error when I try to login with a wrong password more than one time.
      I've found that the error comes from the SessionLoginThrottle.module, because, for security reasons, is better to prevent too many failed logins.
      Ok, good. But, am I wrong if I think it's too bad to show an Internal server error to the user instead of a simple error in template saying the user to wait X seconds to retry to login?
      Is there a way to do that? It would be great if I could get the error string and style it in the page the way I like.
      And in the SessionLoginThrottle admin configuration, I think that could be a good idea to be able to change the maximum number of login attempts before the error is shown.
    • By thuijzer
      https://github.com/thuijzer/processwire-FieldtypeBusinessHours
      Fieldtype Business Hours
      ProcessWire Fieldtype for entering business hours (opening hours)
       
      Input format
      Leave a day empty when closed on that day
      Times are in 24 hour format.
      9:00-12:00 9:00-12:00, 13:00-17:30 16:00-2:00  
      Usage in templates
      Days are from 1 to 7 where 1 is Monday and 7 is Sunday (ISO-8601)
      echo $page->field_name->isNowOpen() ? 'Now open' : 'Now closed'; if($page->field_name[1] == null) { echo 'Closed on Monday'; } if($page->field_name[2]->inRange('11:00')) { echo 'Tuesday at 11:00 open'; } echo $page->field_name[1]; echo $page->field_name[1]->entries[0]->getFrom()->format('H:i');  
    • By adrian
           Tracy Debugger for ProcessWire
      The ultimate “swiss army knife” debugging and development tool for the ProcessWire CMF/CMS
       

       
      Integrates and extends Nette's Tracy debugging tool and adds 30+ custom tools designed for effective ProcessWire debugging and lightning fast development
      The most comprehensive set of instructions and examples is available at: https://adrianbj.github.io/TracyDebugger
      Modules Directory: http://modules.processwire.com/modules/tracy-debugger/
      Github: https://github.com/adrianbj/TracyDebugger
      A big thanks to @tpr for introducing me to Tracy and for the idea for this module and for significant feedback, testing, and feature suggestions.
    • By Harmen
      Hello all,
      Was wondering if any of you tried to include the Exact PHP client by Picqer in Processwire (URL)? I am trying to at the moment but I am stuck at the Authorization process. Building it inside a module file to execute a certain function every 6 hours to update something on the website. For the authorization process the file has to execute the following piece of code:
      header('Location:'. $urlThatRedirectsMeToTheLoginOfExact); But each time I am trying  to do so, I get the following error: Cannot modify header information - headers already sent by (output started at /processwire/index.php:55). I am out of options so that's why I am trying to find someone who used this library and could get it to work or someone who knows how I can fix it.
      Tips are highly appreciated (if they work ;))
      Cheers, Harmen