OAuth
Contents
What is OAuth?
The idea behind OAuth is to get rid of the need to register separately with all the websites out there that require registration before you can use them. Instead of having to keep track of all the different accounts, you can use one login on every website that supports OAuth.
To quote the OAuth homepage:
- "An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications."
OAuth is a free and open protocol. It is not owned by any corporation.
OAuth in Geeklog
OAuth support in Geeklog differs slightly from the Remote Authentication support, but only in that it requires a separate login prompt.
To activate OAuth support there are several steps.
First you must go to the Configuration Admin panel:
- Configuration > Geeklog > Users and Submissions > Users > User Login Method[OAuth]
Set this option to "true". Just below this configuration option you will find the other OAuth settings. Currently Geeklog supports logging in via Facebook, LinkedIn and Twitter via OAuth. For each of these three login methods you will find an option to enable it and two text boxes for you to enter an Application Id and Application Secret Key (see below to find out how to get an Id and Secret Key). Each of these items needs to be filled out before the login button for it will be enabled. Once you have filled out the required information remember to then save the configuration changes.
Other requirements needed to enable Geeklogs OAuth Login process is you must have the PHP extension OpenSSL loaded on your web server.
When you log out, you will see one or more new login buttons in your site's User Functions block, below the normal login options:
The first time any user clicks on one of the OAuth login buttons they will be redirected to the website offering the OAuth login (Facebook, LinkedIn or Twitter). Here (if they are not currently logged into the website) they will be asked to login. Once logined they will then be asked if they wish to give permission to your Geeklog website to access some of your personal information. If the user approves the request they will then be redirected back to the Geeklog website which will then use the information to create a Geeklog user account and log them into the Geeklog website. If the user does not approve the request for information they will still be redirected back to the website but no Geeklog user account will be created.
The next time the user logs into your Geeklog website using the same OAuth login method Geeklog will check with the website providing the OAuth login to see if you are logged in the site. If not the user will be redirected to the site to login. Once they have the site will the redirect back to your Geeklog website.
When Geeklog uses OAuth to login it's users, it will never see your OAuth password - it will only get an "okay" back from the OAuth provider if you authenticated successfully.
Once a user has logged in via OAuth, they are just like any other Geeklog user. They can be added to groups, change their profile, do whatever else you allow your users to do on your site. And yes, OAuth users can also be banned.
Users that log in through OAuth are automatically added to the "Remote Users" group.
Limitations
- Currently, OAuth 1.0 is supported (OAuth 2.0 is still in development).
OAuth Login Methods
General review...
Access Facebook 'Create an Application' page, and input form.
http://developers.facebook.com/setup/
Access LinkedIn 'List of Applications' page, and click 'Add New Application'.
https://www.linkedin.com/secure/developer
Access 'Applications Using Twitter' page and click 'Register a new application'.
https://twitter.com/apps
Application Type: Select 'Browser'
Callback URL: Input URL same as Website
Default Access type: Select 'Read & Write'
Use Twitter for login: Check