user login through Facebook and Twitter (oauth)

[Oliver]

Lately I’ve been building a little script for a local journalist who manages a open Google Docs spreadsheet where Swiss journalists can enter there social media data like Twitter names etc. The script updates a Twitter list with the collected Twitter names in the spreadsheet, means it gets the document feed through Google Docs API and updates the list through Twitter API. Long story short I’ve been dealing with the oauth authentication mechanism. I started thinking about creating a module for PW to connect user accounts with oauth providers like Twitter. Could be helpful in more community focussed projects.

[ryan]

Definitely sounds like a great idea and I agree about the value of it. If you decide to pursue such a projectm let me know how I can be of help.

[apeisa]

It would be superb to have module which maps local accounts with 3rd party services (like Twitter, Facebook, Google etc).

[mindplay.dk]

I'm interested in this too, and did some research.

Looks like OAuth2 is going to be the simplest and most durable way to go?

I looked at bunch of libraries, and being a minimalist, I clearly favor Phil Sturgeon's implementation, here:

https://github.com/philsturgeon/codeigniter-oauth2

This is purely a client, which makes this library really thin and easy to reference for integration with ProcessWire.

This is a CodeIgniter module, but seems to have very few dependencies on CI, and has already been independently ported to other frameworks by various people.

For some reason it does not seem to have a Twitter provider. I don't know much about OAuth as such, but does Twitter not support OAuth2 yet maybe?

There's an OAuth (1) version of the same library:

https://github.com/philsturgeon/codeigniter-oauth

This one does have the Twitter provider.

I wonder why that is...

I think the three critical providers are going to be Google, FaceBook and Twitter - those must be supported. If that means we have to stick with OAuth1, maybe that's the way to go...

Thoughts?

[mindplay.dk]

For the record, I asked Phil Sturgeon, and he confirmed that Twitter does not (yet?) support OAuth2.

[mindplay.dk]

Looking at the size and complexity of the OAuth1 and OAuth2 libraries from the same author, it is evident that OAuth2 is considerably less complicated to implement, which is something that appeals to me a lot.

I also don't like building for the past - pretty soon, everyone will support OAuth2, and then we'll need to upgrade.

It looks like the only major vendor not following suit yet is Twitter - pretty much everyone else is on board with OAuth2, and Twitter probably will be soon... It looks like there is some pressure from developers - and some talk here with other reasons why OAuth2 is the safer bet.

I would bet on OAuth2, and wait for Twitter to come along.

If the ProcessWire module maintains compatibility with Phil's OAuth2 provider interface, we should be able to port over (Twitter and other) new providers from his project with zero modifications, so that's another plus.

[Nico Knoll]

Hey, you should have a look here: http://classes.verkoyen.eu These are one-file classes for a lot of social networks.

[mindplay.dk]

Hmm, I looked at a couple of those... they seem pretty complex - they probably do a lot more than just authentication?

I think Phil's classes are a perfect starting point - they do precisely what I want, not a whole lot else, and having a single implementation with a multi-provider API means less repetition, and less code to maintain.

[apeisa]

I think doing oauth2 implementation is way to go. Twitter should do something useful with their API instead of teasing people.

[mindplay.dk]

Yeah, Twitter will catch up - go vote for OAuth2 support using the link above

[Pete]

Twitter auth is simple enough with Matt Harris' library (he works for Twitter).

I used to use Tijs' library myself, but Matt's is more up to date and seemed easier to use - it's used in one of my Twitter modules for PW in fact.

[mindplay.dk]

@Pete your module probably does more than just authenticate with Twitter? Matt Harris' library has a lot of unnecessary code, and it uses OAuth1 protocol - so probably a good fit for a Twitter-specific module, but not a good choice for a multi-provider login module.

[Pete]

Could we not just include a few more files? I know you're wanting everything to be Oauth2, but it does only take 20 mins to sort the Twitter integration - just a thought and not a criticism.

It's not like download size is really an issue either thinking about it.

I'm happy to take a look at it when the rest of the module is ready

[teppo]

Pete, you're right in saying that download size won't make a big difference, but complicated codebase sure does. Of course good code should be modular and allow relatively minor additions (such as new auth methods in this case) without the need to alter "core module"..

[Pete]

It's just a case of including the class and you're away with a couple of lines of code though so I'm not getting where that's making it too complicated in this case.

I just personally don't think that it's a good idea to exclude Twitter because they don't use Oauth2 if its not hard to resolve - its an immensely popular platform and I think would be worth the extra code. Like I said, I'm happy to look at it once the rest of the module is done and see how best it makes sense to integrate it.

[teppo]

Pete, I agree with you on the fact that Twitter is important and widely used. After reading couple of threads and posts about the subject, it doesn't seem obvious that they're going to support OAuth2 anytime soon either. It's just that these kind of "short-time compromises" are quite difficult to get rid of later on without breaking anything for existing users.

What I'm suggesting is that perhaps we're actually talking about two different modules here -- one for dinosaurs like Twitter, another for forward-oriented services which already support OAuth2?

[mindplay.dk]

Every other major player on the social web has moved to OAuth2 - I'm pretty confident that a major platform like Twitter will soon follow suit.