Jump to content

user login through Facebook and Twitter (oauth)

Recommended Posts

Lately I’ve been building a little script for a local journalist who manages a open Google Docs spreadsheet where Swiss journalists can enter there social media data like Twitter names etc. The script updates a Twitter list with the collected Twitter names in the spreadsheet, means it gets the document feed through Google Docs API and updates the list through Twitter API. Long story short I’ve been dealing with the oauth authentication mechanism. I started thinking about creating a module for PW to connect user accounts with oauth providers like Twitter. Could be helpful in more community focussed projects.

  • Like 5
Link to post
Share on other sites
  • 8 months later...

I'm interested in this too, and did some research.

Looks like OAuth2 is going to be the simplest and most durable way to go?

I looked at bunch of libraries, and being a minimalist, I clearly favor Phil Sturgeon's implementation, here:


This is purely a client, which makes this library really thin and easy to reference for integration with ProcessWire.

This is a CodeIgniter module, but seems to have very few dependencies on CI, and has already been independently ported to other frameworks by various people.

For some reason it does not seem to have a Twitter provider. I don't know much about OAuth as such, but does Twitter not support OAuth2 yet maybe?

There's an OAuth (1) version of the same library:


This one does have the Twitter provider.

I wonder why that is...

I think the three critical providers are going to be Google, FaceBook and Twitter - those must be supported. If that means we have to stick with OAuth1, maybe that's the way to go...


  • Like 1
Link to post
Share on other sites

Looking at the size and complexity of the OAuth1 and OAuth2 libraries from the same author, it is evident that OAuth2 is considerably less complicated to implement, which is something that appeals to me a lot.

I also don't like building for the past - pretty soon, everyone will support OAuth2, and then we'll need to upgrade.

It looks like the only major vendor not following suit yet is Twitter - pretty much everyone else is on board with OAuth2, and Twitter probably will be soon... It looks like there is some pressure from developers - and some talk here with other reasons why OAuth2 is the safer bet.

I would bet on OAuth2, and wait for Twitter to come along.

If the ProcessWire module maintains compatibility with Phil's OAuth2 provider interface, we should be able to port over (Twitter and other) new providers from his project with zero modifications, so that's another plus.

Link to post
Share on other sites

Hmm, I looked at a couple of those... they seem pretty complex - they probably do a lot more than just authentication?

I think Phil's classes are a perfect starting point - they do precisely what I want, not a whole lot else, and having a single implementation with a multi-provider API means less repetition, and less code to maintain.

Link to post
Share on other sites

Twitter auth is simple enough with Matt Harris' library (he works for Twitter).

I used to use Tijs' library myself, but Matt's is more up to date and seemed easier to use - it's used in one of my Twitter modules for PW in fact.

Link to post
Share on other sites

@Pete your module probably does more than just authenticate with Twitter? Matt Harris' library has a lot of unnecessary code, and it uses OAuth1 protocol - so probably a good fit for a Twitter-specific module, but not a good choice for a multi-provider login module.

Link to post
Share on other sites

Could we not just include a few more files? I know you're wanting everything to be Oauth2, but it does only take 20 mins to sort the Twitter integration - just a thought and not a criticism.

It's not like download size is really an issue either thinking about it.

I'm happy to take a look at it when the rest of the module is ready :)

Link to post
Share on other sites

Pete, you're right in saying that download size won't make a big difference, but complicated codebase sure does. Of course good code should be modular and allow relatively minor additions (such as new auth methods in this case) without the need to alter "core module".. :)

  • Like 1
Link to post
Share on other sites

It's just a case of including the class and you're away with a couple of lines of code though so I'm not getting where that's making it too complicated in this case.

I just personally don't think that it's a good idea to exclude Twitter because they don't use Oauth2 if its not hard to resolve - its an immensely popular platform and I think would be worth the extra code. Like I said, I'm happy to look at it once the rest of the module is done and see how best it makes sense to integrate it.

Link to post
Share on other sites

Pete, I agree with you on the fact that Twitter is important and widely used. After reading couple of threads and posts about the subject, it doesn't seem obvious that they're going to support OAuth2 anytime soon either. It's just that these kind of "short-time compromises" are quite difficult to get rid of later on without breaking anything for existing users.

What I'm suggesting is that perhaps we're actually talking about two different modules here -- one for dinosaurs like Twitter, another for forward-oriented services which already support OAuth2?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By prestoav
      Hi all,
      I've noticed that, when creating new users for clients, the chosen admin theme is not saved. For example, I create a new user select Reno or UIKit as the theme at point of creation and save. When logging in that user for the first time the admin theme is back to default. Changing it again and saving corrects this.

      Anyone else noticed this or is it a known bug at the moment?

      CMS V 3.0.156.

    • By ErikMH
      I’m new to Processwire. I’ve installed the current release version at my very-long-time (25 years) host, pair Networks. MySQL db is created. Installation process completed with no errors.
      I’m now trying to log in. Rather than taking the default `/admin` suggestion, I chose `/xyzzy`. When I go to `example.com/xyzzy`, PW displays a login screen, as expected. I enter the username (`xyzzy`) and password that I assigned (and copied and stored in 1Password) in the installation process (five words separated by hyphens). So far, so good.
      I would expect then to be taken to the admin pages. Or (if I got something wrong) to be given an error message. Instead, I’m taken to the URL `example.com/xyzzy/page/?login=1`, which as far as I can tell is exactly the same as the initial login page. No error is given.
      I grew so frustrated by this, that I deleted the entire installation and the MySQL database, re-downloaded PW, installed it again using a different username and password for the admin account.
      And I’m seeing exactly the same behavior. Time for me to ask you experts: WTF?
      Many thanks for any insights you may have....
    • By pideluxe
      From the recent discussion about the roadmap & wishlist for 2021 and some other posts by @ryan, it comes to my mind that developing and coordinating the whole project for one person is becoming harder and harder and leads nearly to the reverse of expanding the ProcessWire ecoysystem. This is not against Ryan, i think everyone here knows how engaged he is about ProcessWire, but he has only 24/7 (sometimes i think he's got far more than that...). 
      We as the community could support the project (financially) to relieve Ryan and could take over some tasks from him. This could be, but is not limited, to:
      Building a Foundation/Association/Company to ensure the persistence of the project and to fund the work put in ProcessWire of Ryan (and others). Nearly every other CMSs i checked has something like this (Drupal Association, Typo3 Association, Joomla Foundation, Wordpress Foundation, Contao Association, ...). This also puts more trust in the project, if someone new will check on his engagement in ProcessWire. Assigning persons/teams to work on things: Extending the core (when necessary) Developing and maintaining major modules (e.g. page builder, admin themes, internationalization, marketing, ecommerce system, ...) Testing and inspection of modules developed by others Making translations of modules (translation of the core is mostly covered, i think) Working on PRs & issues submitted on github Working on the homepage Coordinating the community efforts I know, some resorts are already covered by others (e.g. @Pete for the forum, @horst for images, ... ), but there are many other areas where this ist not the case. By joined efforts by the ProcessWire community this hopefully will also attract new developers to the system and by a growing number of users this assists in the things above in a circular process. What do you think? 
    • By Marvin
      I'm still new at processwire, i want to ask, i was create a website with sign in system, but i want to add a access roles/permission for each user at my website. For now, i just can create a login user without any permission and the user data became as a pages in my processwire.
      Here i attach my code for login
      <?php $note = $note2 = $hidden =""; if($input->get->id == "logout") { $session->remove('login_id'); } if($input->post->submit) { $email = $sanitizer->email($input->post->email); $pass = $sanitizer->text($input->post->pass); $result = $pages->find("email=$email, text_1=$pass"); if(!$email || !$pass) { $note = "Data belum lengkap"; } else { if($result->count > 0) { $session->login_id = "$result"; $hidden = "style = 'diplay:none'"; $url=$pages->get("/files/")->httpUrl; header("Location:$url"); die(); } else { $note = "Akun tidak ditemukan"; } } } ?> And this code for login form
      <div class="frow-container"> <div class="frow centered mt-50"> <div class="col-md-1-3"> <div class="box p-40 shadow-light"> <h2 class="mb-20 text-center" <?=$hidden?>>Database Partitur<br>GII HIT</h2> <form method="post" <?=$hidden?>> <label>Username <input type="text" name="email"></label> <label>Password <input type="password" name="pass"></label> <input type="submit" name="submit" value="Masuk"> </form> <p class="notif"><?=$note;?></p> <div class="text-center"><?=$note2;?></div> </div> </div> </div> </div> Just for remember, my user data now is a pages, and i cannot give any permission to user data.
      Thank you very much for help.
    • By kyksh
      I need users to login by their email address. This works when I change the value in ProcessLogin.module
       122     protected $useEmailLogin = null;
      122     protected $useEmailLogin = true;
      What would be a recommended way to enable this?
      There's this line in ProcessLogin.module:
        15  * @property bool|int $allowEmail Whether or not email login is allowed (0|false=off, 1|true=Yes, 2=Yes or name also allowed)
      But I can't figure out how to set this. I tried next to $useEmailLogin in ProcessLogin.module and in config.php, but neither takes effect.
      BTW I tried module LoginWithEmail but it seems outdated. My PW version is 3.0.165
  • Create New...