Jump to content
Oliver

user login through Facebook and Twitter (oauth)

Recommended Posts

Lately I’ve been building a little script for a local journalist who manages a open Google Docs spreadsheet where Swiss journalists can enter there social media data like Twitter names etc. The script updates a Twitter list with the collected Twitter names in the spreadsheet, means it gets the document feed through Google Docs API and updates the list through Twitter API. Long story short I’ve been dealing with the oauth authentication mechanism. I started thinking about creating a module for PW to connect user accounts with oauth providers like Twitter. Could be helpful in more community focussed projects.

  • Like 5

Share this post


Link to post
Share on other sites

Definitely sounds like a great idea and I agree about the value of it. If you decide to pursue such a projectm let me know how I can be of help.

Share this post


Link to post
Share on other sites

It would be superb to have module which maps local accounts with 3rd party services (like Twitter, Facebook, Google etc).

Share this post


Link to post
Share on other sites

I'm interested in this too, and did some research.

Looks like OAuth2 is going to be the simplest and most durable way to go?

I looked at bunch of libraries, and being a minimalist, I clearly favor Phil Sturgeon's implementation, here:

https://github.com/philsturgeon/codeigniter-oauth2

This is purely a client, which makes this library really thin and easy to reference for integration with ProcessWire.

This is a CodeIgniter module, but seems to have very few dependencies on CI, and has already been independently ported to other frameworks by various people.

For some reason it does not seem to have a Twitter provider. I don't know much about OAuth as such, but does Twitter not support OAuth2 yet maybe?

There's an OAuth (1) version of the same library:

https://github.com/philsturgeon/codeigniter-oauth

This one does have the Twitter provider.

I wonder why that is...

I think the three critical providers are going to be Google, FaceBook and Twitter - those must be supported. If that means we have to stick with OAuth1, maybe that's the way to go...

Thoughts?

  • Like 1

Share this post


Link to post
Share on other sites

Looking at the size and complexity of the OAuth1 and OAuth2 libraries from the same author, it is evident that OAuth2 is considerably less complicated to implement, which is something that appeals to me a lot.

I also don't like building for the past - pretty soon, everyone will support OAuth2, and then we'll need to upgrade.

It looks like the only major vendor not following suit yet is Twitter - pretty much everyone else is on board with OAuth2, and Twitter probably will be soon... It looks like there is some pressure from developers - and some talk here with other reasons why OAuth2 is the safer bet.

I would bet on OAuth2, and wait for Twitter to come along.

If the ProcessWire module maintains compatibility with Phil's OAuth2 provider interface, we should be able to port over (Twitter and other) new providers from his project with zero modifications, so that's another plus.

Share this post


Link to post
Share on other sites

Hmm, I looked at a couple of those... they seem pretty complex - they probably do a lot more than just authentication?

I think Phil's classes are a perfect starting point - they do precisely what I want, not a whole lot else, and having a single implementation with a multi-provider API means less repetition, and less code to maintain.

Share this post


Link to post
Share on other sites

I think doing oauth2 implementation is way to go. Twitter should do something useful with their API instead of teasing people.

Share this post


Link to post
Share on other sites

Twitter auth is simple enough with Matt Harris' library (he works for Twitter).

I used to use Tijs' library myself, but Matt's is more up to date and seemed easier to use - it's used in one of my Twitter modules for PW in fact.

Share this post


Link to post
Share on other sites

@Pete your module probably does more than just authenticate with Twitter? Matt Harris' library has a lot of unnecessary code, and it uses OAuth1 protocol - so probably a good fit for a Twitter-specific module, but not a good choice for a multi-provider login module.

Share this post


Link to post
Share on other sites

Could we not just include a few more files? I know you're wanting everything to be Oauth2, but it does only take 20 mins to sort the Twitter integration - just a thought and not a criticism.

It's not like download size is really an issue either thinking about it.

I'm happy to take a look at it when the rest of the module is ready :)

Share this post


Link to post
Share on other sites

Pete, you're right in saying that download size won't make a big difference, but complicated codebase sure does. Of course good code should be modular and allow relatively minor additions (such as new auth methods in this case) without the need to alter "core module".. :)

  • Like 1

Share this post


Link to post
Share on other sites

It's just a case of including the class and you're away with a couple of lines of code though so I'm not getting where that's making it too complicated in this case.

I just personally don't think that it's a good idea to exclude Twitter because they don't use Oauth2 if its not hard to resolve - its an immensely popular platform and I think would be worth the extra code. Like I said, I'm happy to look at it once the rest of the module is done and see how best it makes sense to integrate it.

Share this post


Link to post
Share on other sites

Pete, I agree with you on the fact that Twitter is important and widely used. After reading couple of threads and posts about the subject, it doesn't seem obvious that they're going to support OAuth2 anytime soon either. It's just that these kind of "short-time compromises" are quite difficult to get rid of later on without breaking anything for existing users.

What I'm suggesting is that perhaps we're actually talking about two different modules here -- one for dinosaurs like Twitter, another for forward-oriented services which already support OAuth2?

Share this post


Link to post
Share on other sites

Every other major player on the social web has moved to OAuth2 - I'm pretty confident that a major platform like Twitter will soon follow suit.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Tyssen
      I have a client who is reporting that in the last couple of days they can no longer login to their site with their normal browser (Chrome). Using another browser or an incognito window works.
      I've tried logging into the site using the same login details in my usual browser (Firefox) and have had no problems.
      The site is a membership site and today other members are reporting the same problem.
      The site is running 3.0.148 and has the session handler DB and login throttle modules installed. It was recently upgraded to 3.x from 2.x. But no changes have been made to the site between the time when they were able to login OK and when the problem started happening.
    • By codevark
      The Minimal Site works fine, but if I try to login as admin, I have no idea what the credentials are.
      I did not do the "install" process myself. The OVA came with everything set up, but there's no mention of the PW admin credentials being set to some initial value.
      Wondering if anyone else has tried the Bitnami OVA and if there's a simple answer.
      --Pete
    • By Dean
      Hi
      I'm creating a site where people can vote on dogs.
      To start with, I need the dog owners to register and then upload text, images, and videos about their dog. What I thought I could do is to create a page when the user registers. The page would be unique by using the member ID. So I would end up with:
      Home
           - Members
                -1001
                -1021
                -1025
       
      Then each member page would have 1 or more children which would be the dogs that they have added.
      I just wanted to ask if that is a good way of doing things or if there's maybe a much simpler way of doing this.
      Thanks in advance for any advice.
    • By Greg Lumley
      Hi! I've just discovered Processwire and I'm absolutely loving how clean it is. Especially with the full control over what it outputs. 
      Excuse me if this is a really stupid question.
      What happens if a user wants to insert multiple images into the blog field? In other words Shift+Click all the images attached to a specific page in and insert. It seems I can insert one at a time but not multiple.

      Based on the above, I want to rebuild my website. I'm a photographer (ex php dev 2004) and plan also to target websites at other photographers. So inserting multiple images into blog posts is a key part. I'd like to output that to something like UIkit or some kind of Masonry Gallery script. Any thoughts would be fantastic please. 
      Thank you.
      Greg. 
      I'm an ex PHP developer now photographer, now thanks to Corona and not photo work, a rusty PHP developer 😁
    • By dimitrios
      Hello,
      this module can publish content of a Processwire page on a Facebook page, triggered by saving the Processwire page.
      To set it up, configure the module with a Facebook app ID, secret and a Page ID. Following is additional configuration on Facebook for developers:
      Minimum Required Facebook App configuration:
      on Settings -> Basics, provide the App Domains, provide the Site URL, on Settings -> Advanced, set the API version (has been tested up to v3.3), add Product: Facebook Login, on Facebook Login -> Settings, set Client OAuth Login: Yes, set Web OAuth Login: Yes, set Enforce HTTPS: Yes, add "https://www.example.com/processwire/page/" to field Valid OAuth Redirect URIs. This module is configurable as follows:
      Templates: posts can take place only for pages with the defined templates. On/Off switch: specify a checkbox field that will not allow the post if checked. Specify a message and/or an image for the post.
      Usage
      edit the desired PW page and save; it will post right after the initial Facebook log in and permission granting. After that, an access token is kept.
       
      Download
      PW module directory: http://modules.processwire.com/modules/auto-fb-post/ Github: https://github.com/kastrind/AutoFbPost   Note: Facebook SDK for PHP is utilized.


×
×
  • Create New...