Web based family history software

file Question Looking for test users for a new custom module: OAuth 2.0 single sign on

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
4 weeks 6 hours ago - 4 weeks 6 hours ago #1 by Jefferson49
In the last weeks, I worked on a new custom module for OAuth 2.0 sign in. The module is published on Github and a documentation is available in the Readme.

What are the benefits of the webtrees-oauth2-client module?
  • The module provides single sign on (SSO) into webtrees based on the OAuth 2.0 standard.
  • A pre-configured set of authorization providers can be selected during webtrees login.
  • If choosing to sign in with an authorization provider, the user account data (i.e. user name, real name, email address) of the authorization provider is used for the user account in webtrees.
  • Single sign on allows a shared user management between webtrees and a content management system (e.g. Joomla, WordPress)
The module uses the League/oauth2-client  PHP library, which covers all the OAuth 2.0 communication. It is from a trustable source with a large community and integrates very well into the webtrees communication stack. A description of the concept can be found in the Readme on Github.

The League/oauth2-client supports to connect to a lot of different authorization providers (official League clients, additional 3rd party clients). Currently, the new webtrees module contains specific adapters to a subset of these League clients in order to connect webtrees with the following authorization providers:
  • Generic (can be configured for several authorization providers)
  • Github
  • Google
  • Joomla (with a specific authorization provider extension installed in Joomla)
  • WordPress (with a specific authorization provider plugin installed in WordPress)
While connecting to Github and Google usually works pretty straight forward, the combination with Joomla and WordPress can be more challenging. The communication between the OAuth client in webtrees and the OAuth server in Joomla/WordPress can depend on specific server and application settings, which might need trouble shooting

I spent significant time to test the new module with different authorization providers and the module has reach the state of a release candidate.

Before releasing the module, I would be happy to find some testers, who are willing to test the module, especially for Joomla/WordPress.

The puropose of testing would be to:
  • get feedback about the configuration and useability
  • learn if further documentation/description is needed in the Readme
  • learn if further hints for trouble shooting can be added
  • learn if further logging/debugging support is needed to support trouble shooting
  • get general feedback
If you are interested, you can contact me by email (see left side). General module issues can be posted on Github ; potential security issues should be forwarded by email only. General experiences can be shared in this thread in the forum.
Last edit: 4 weeks 6 hours ago by Jefferson49. Reason: Improved format of bullet points

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #2 by ekdahl
Wow, great work!
I think especially the support for Google sign-in will be extremely useful.

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #3 by xiao
Hello, could you consider logging in with WeChat(微信)?

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #4 by Franz Frese
what to do on this page ? (can not follow your hints at google)

 

Please Log in or Create an account to join the conversation.

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 weeks 6 days ago #5 by Jefferson49

Hello, could you consider logging in with WeChat(微信)?
In the list of the 3rd party OAuth 2.0 clients of League , I found a client for WeChat , which is a strong indication that sign on with WeChat is possible (or was possible). However, the last release of this software is from 2017 and probably outdated. Anyway, it looks very simple and can probably be  configured with the available "Generic" client in the webtrees custom module.

With a short internet search, I could not find any detailed description of the configuration of an OAuth application within WeChat. I found two sources with a link to  mp.weixin.qq.com for the relevant information. One source also mentioned that it would need an "official WeChat account" to configure the OAuth 2.0 configuration in WeChat.

If you can find more information about the configuration in WeChat and want to have a try, I can support you on the client side.
 

Please Log in or Create an account to join the conversation.

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 weeks 6 days ago #6 by Jefferson49

what to do on this page ? (can not follow your hints at google)

 
Your are already on the right website. You can see the next two mouse clicks in the following screenshots:



Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #7 by Franz Frese

Please Log in or Create an account to join the conversation.

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 weeks 6 days ago #8 by Jefferson49

und dann ?
Ah, ich sehe gerade, dass Du schon 3 Schritte weiter bist. Nächster Click ist "Anmeldedaten erstellen":

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago - 3 weeks 6 days ago #9 by Franz Frese
fertig.

Die Einrichtung bei Google bedarf einer Beschreibung, da sich dort ja Laien durcharbeiten müssen!
The setup on Google requires a description, since laypeople have to work through it!

Ok nur für den Verwalter | ok only for the control-panel admin.



Using the rural theme has to be adapted.

Until now I had no Menu for Login. Disable in settings for the menu disables the oauth2 login completely:

 
 
Last edit: 3 weeks 6 days ago by Franz Frese.

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago - 3 weeks 6 days ago #10 by hermann
For me the Rural theme looks ok! An icon is missing, but ok. I'm using login via Google.

Hermann
Designer of the custom module "Extended Family"

webtrees 2.1.22 (all custom modules installed, PHP 8.3.12, MariaDB 10.6) @ ahnen.hartenthaler.eu
Last edit: 3 weeks 6 days ago by hermann.

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago - 3 weeks 6 days ago #11 by Franz Frese
There is no Icon! compare with wbetrees theme!
and there is no dropdown in the webtrees theme ( soweit ich mich noch so kurz zurückerinnern kann )

that is what I want to have removed:

I now use css:
menu-oauth2-client { display: none; }    

but there should be a better way!
Last edit: 3 weeks 6 days ago by Franz Frese.

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago - 3 weeks 6 days ago #12 by Franz Frese
How do I  size the width for part (with Google) to be the same as above? (sorry my css knowledge is poor)


Is there an authorization provider preferable for apple, iphone or windows? 
meaning most of the users are already logged in?
Last edit: 3 weeks 6 days ago by Franz Frese.

Please Log in or Create an account to join the conversation.

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 weeks 6 days ago - 3 weeks 6 days ago #13 by Jefferson49

There is no Icon! compare with wbetrees theme!
and there is no dropdown in the webtrees theme ( soweit ich mich noch so kurz zurückerinnern kann )

that is what I want to have removed:

I now use css:
menu-oauth2-client { display: none; }    

but there should be a better way!
You do not need CSS to hide it. Since it is a regular webtrees menu item, you can go to control panel / modules / menus and deactivate the menu of the OAuth 2 client.

And, you can also use the regular sign in link. The regular sign in page contains buttons to sign in with authorization providers.

At the moment, the menu looks odd, because there is no icon for the rural theme included in the module CSS. I will add the rural theme icon in the next release.

As a short term workaround, you can duplicate the icons of the webtrees theme, which can be found here . Duplicate the CSS for the two icons and rename them to the rural theme, e.g .wt-theme-rural
Last edit: 3 weeks 6 days ago by Jefferson49. Reason: Added additional sentence

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #14 by Franz Frese
I tried the deactivation of the menu, but then the whole module was deactivated.

Please Log in or Create an account to join the conversation.

More
3 weeks 5 days ago #15 by xiao

Hello, could you consider logging in with WeChat(微信)?
In the list of the 3rd party OAuth 2.0 clients of League , I found a client for WeChat , which is a strong indication that sign on with WeChat is possible (or was possible). However, the last release of this software is from 2017 and probably outdated. Anyway, it looks very simple and can probably be  configured with the available "Generic" client in the webtrees custom module.

With a short internet search, I could not find any detailed description of the configuration of an OAuth application within WeChat. I found two sources with a link to  mp.weixin.qq.com for the relevant information. One source also mentioned that it would need an "official WeChat account" to configure the OAuth 2.0 configuration in WeChat.

If you can find more information about the configuration in WeChat and want to have a try, I can support you on the client side.

 
Hello, this is the WeChat test account application address:
mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login

Please Log in or Create an account to join the conversation.

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 weeks 5 days ago #16 by Jefferson49

I tried the deactivation of the menu, but then the whole module was deactivated.
Yes, you are right. I am little bit surprised, because I thought this will only deactivate the menu not the complete module. Is this a bug in webtrees (?)

You can still hide the menu by deselecting/hiding it for each single tree (control panel / modules / menu ).

I managed to add the rural theme icons. You can download the new CSS file with the icons here .
 

Please Log in or Create an account to join the conversation.

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 weeks 5 days ago #17 by Jefferson49

Hello, this is the WeChat test account application address:
mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login
Thank you for the link. I tried to register.  However, I was not successful, because it requested for a lot of data and also needs to be approved by another user (registered for 6 months) with a QR code scan.

If it is o.k. for you and you have an existing WeChat user account, you could test the feasibility if registering of an OAuth application with a "development channel" is possible. I found the a description , which might be helpful. If you are able to reach the point where an "AppID" and a "appsecret" is generated, we can discuss how to proceed.

Please Log in or Create an account to join the conversation.

More
3 weeks 5 days ago #18 by Franz Frese

...
You can still hide the menu by deselecting/hiding it for each single tree (control panel / modules / menu ).
...

That is where I did. ( and that completely disables).

What other hiding did you mean?

Please Log in or Create an account to join the conversation.

  • Jefferson49
  • Jefferson49's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 weeks 5 days ago #19 by Jefferson49

What other hiding did you mean?
 

Please Log in or Create an account to join the conversation.

More
3 weeks 5 days ago #20 by Franz Frese
sorry, I only unchecked.

for menu in rural:

 

seems like not only the icon has to be changed!

Please Log in or Create an account to join the conversation.

Powered by Kunena Forum