Jump to content

user login through Facebook and Twitter (oauth)


Oliver
 Share

Recommended Posts

Lately I’ve been building a little script for a local journalist who manages a open Google Docs spreadsheet where Swiss journalists can enter there social media data like Twitter names etc. The script updates a Twitter list with the collected Twitter names in the spreadsheet, means it gets the document feed through Google Docs API and updates the list through Twitter API. Long story short I’ve been dealing with the oauth authentication mechanism. I started thinking about creating a module for PW to connect user accounts with oauth providers like Twitter. Could be helpful in more community focussed projects.

  • Like 5
Link to comment
Share on other sites

  • 8 months later...

I'm interested in this too, and did some research.

Looks like OAuth2 is going to be the simplest and most durable way to go?

I looked at bunch of libraries, and being a minimalist, I clearly favor Phil Sturgeon's implementation, here:

https://github.com/philsturgeon/codeigniter-oauth2

This is purely a client, which makes this library really thin and easy to reference for integration with ProcessWire.

This is a CodeIgniter module, but seems to have very few dependencies on CI, and has already been independently ported to other frameworks by various people.

For some reason it does not seem to have a Twitter provider. I don't know much about OAuth as such, but does Twitter not support OAuth2 yet maybe?

There's an OAuth (1) version of the same library:

https://github.com/philsturgeon/codeigniter-oauth

This one does have the Twitter provider.

I wonder why that is...

I think the three critical providers are going to be Google, FaceBook and Twitter - those must be supported. If that means we have to stick with OAuth1, maybe that's the way to go...

Thoughts?

  • Like 1
Link to comment
Share on other sites

Looking at the size and complexity of the OAuth1 and OAuth2 libraries from the same author, it is evident that OAuth2 is considerably less complicated to implement, which is something that appeals to me a lot.

I also don't like building for the past - pretty soon, everyone will support OAuth2, and then we'll need to upgrade.

It looks like the only major vendor not following suit yet is Twitter - pretty much everyone else is on board with OAuth2, and Twitter probably will be soon... It looks like there is some pressure from developers - and some talk here with other reasons why OAuth2 is the safer bet.

I would bet on OAuth2, and wait for Twitter to come along.

If the ProcessWire module maintains compatibility with Phil's OAuth2 provider interface, we should be able to port over (Twitter and other) new providers from his project with zero modifications, so that's another plus.

Link to comment
Share on other sites

Hmm, I looked at a couple of those... they seem pretty complex - they probably do a lot more than just authentication?

I think Phil's classes are a perfect starting point - they do precisely what I want, not a whole lot else, and having a single implementation with a multi-provider API means less repetition, and less code to maintain.

Link to comment
Share on other sites

Twitter auth is simple enough with Matt Harris' library (he works for Twitter).

I used to use Tijs' library myself, but Matt's is more up to date and seemed easier to use - it's used in one of my Twitter modules for PW in fact.

Link to comment
Share on other sites

@Pete your module probably does more than just authenticate with Twitter? Matt Harris' library has a lot of unnecessary code, and it uses OAuth1 protocol - so probably a good fit for a Twitter-specific module, but not a good choice for a multi-provider login module.

Link to comment
Share on other sites

Could we not just include a few more files? I know you're wanting everything to be Oauth2, but it does only take 20 mins to sort the Twitter integration - just a thought and not a criticism.

It's not like download size is really an issue either thinking about it.

I'm happy to take a look at it when the rest of the module is ready :)

Link to comment
Share on other sites

Pete, you're right in saying that download size won't make a big difference, but complicated codebase sure does. Of course good code should be modular and allow relatively minor additions (such as new auth methods in this case) without the need to alter "core module".. :)

  • Like 1
Link to comment
Share on other sites

It's just a case of including the class and you're away with a couple of lines of code though so I'm not getting where that's making it too complicated in this case.

I just personally don't think that it's a good idea to exclude Twitter because they don't use Oauth2 if its not hard to resolve - its an immensely popular platform and I think would be worth the extra code. Like I said, I'm happy to look at it once the rest of the module is done and see how best it makes sense to integrate it.

Link to comment
Share on other sites

Pete, I agree with you on the fact that Twitter is important and widely used. After reading couple of threads and posts about the subject, it doesn't seem obvious that they're going to support OAuth2 anytime soon either. It's just that these kind of "short-time compromises" are quite difficult to get rid of later on without breaking anything for existing users.

What I'm suggesting is that perhaps we're actually talking about two different modules here -- one for dinosaurs like Twitter, another for forward-oriented services which already support OAuth2?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...