Question Looking for test users for a new custom module: OAuth 2.0 single sign on
- Franz Frese
- Away
- Elite Member
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
It seems like the small selection arrows to the right of the menu icons are a deliberate element of menus in the Rural theme. Even the theme author has those arrows on his website. Therefore, from the custom module point of view, I should not modify them.
for menu in rural:
seems like not only the icon has to be changed!
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
Yes, this is really ugly. I was able to fix it. The updated file is available on GitHub.
next:
- Franz Frese
- Away
- Elite Member
Perhaps the text can simply be changed to "Anmelden mit" ("Login with"). (no need to say "authorisation provider")
So now, it seems, as if I can login the way as before or with an authorisation provider, but I can not. If I could set the password, that would be possible. A use case would be, if I visit a relative, who has a computer, but not my authorisation provider data. So no need for two accounts in webtrees. (I tested by changing the passwd as admin and that works, but better if the user can set/change the password)
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
So now, it seems, as if I can login the way as before or with an authorisation provider, but I can not. If I could set the password, that would be possible. A use case would be, if I visit a relative, who has a computer, but not my authorisation provider data. So no need for two accounts in webtrees. (I tested by changing the passwd as admin and that works, but better if the user can set/change the password)
I spent some thoughts on the password issue and decided to separate OAuth 2 user accounts and normal user accounts. In several views and menus, the custom module checks if you are logged in with an authorization provider and reacts differently. One important issue is keeping the user credentials consistent. The webtrees-OAuth2-client does not allow the user to change the primary link between the user account in webtrees and at the authorization provider. For example, changing the email address in webtrees would break the link to the Google account.
If you are aware of the risks (to change user data) and can accept some inconsistent behavior, you can still go to "Control panel / User administration / Edit the user" and change the password.
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
Good proposal. I changed the text to "Sign in with" ("Anmelden mit")
Perhaps the text can simply be changed to "Anmelden mit" ("Login with"). (no need to say "authorisation provider")
- Franz Frese
- Away
- Elite Member
As far as I see, the password is not necessary (used) for SSO, imho should be changeable by the user (hinting it's only the webtrees password).
If so, I would vote for making a change by user possible.
- xmlf
- Offline
- Junior Member
Currently I have a question, is using OAuth2 login to use webtrees as server or client?
What happens to users who have already registered before using the module?
Wang Family Website of Suining County, China
www.snwsjz.com
A family tree website that is customized, more humanized and convenient for users.
WeChat Automatic login and family tree hangi
- Franz Frese
- Away
- Elite Member
The OAuth2/SSO login has the same function as the "normal" login.
Very glad to see this module come out.
Currently I have a question, is using OAuth2 login to use webtrees as server or client?
What happens to users who have already registered before using the module?
existing users stay as they are (or manually deleted by the admin), a new entry is created.
p.s.: that is why I talked from the password, simply for something like manual merging.
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
The webtrees module operates as a client, which means that it allows to use OAuth 2.0 providers (servers) for authorization. It does not operate as an OAuth 2.0 server (which would allow other applications to use the webtrees credentials to sign in into other applications).
Very glad to see this module come out.
Currently I have a question, is using OAuth2 login to use webtrees as server or client?
- Franz Frese
- Away
- Elite Member
when I check that, no page to login is visible anymore (I have no primary login entry)!!!
- Franz Frese
- Away
- Elite Member
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
Yes, you have to be careful not to hide all login menus. If you hide the custom module login menu and also hide the original webtrees login menu, there is no login link left.
another thing:
when I check that, no page to login is visible anymore (I have no primary login entry)!!!
I will check if I can recognize this situation and show a warning in the module settings.
If all the login menus are gone, you can still get the login page with the following route in the browser line: /index.php?route=%2Fwebtrees%2Flogin
Afterwards, you can get to the module settings and reactivate the login menu.
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
I did not try yet, but if I want to show more than one other provider for example facebook and instagram.
If you configure several authorization providers, it looks like this:
- Franz Frese
- Away
- Elite Member
because they are not predefined and I see only one entry for "others" in your docus.
wordpress, joomla, github are providers/apps that are not commonly used by the standard user (imho).
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
I mean especially these: facebook and instagram.
because they are not predefined and I see only one entry for "others" in your docus.
wordpress, joomla, github are providers/apps that are not commonly used by the standard user (imho).
First of all, my own motivation is to provide a solution for webtrees and CMS integration, since I use Joomla/webtrees on my own websites and other users use WordPress/webtrees. That's why I spent some work to include clients for Joomla and WordPress.
The second reason for the available clients is League. As official clients, they offer: Facebook, Github, Google, Instagram, LinkedIn. I tested all of those. However, Facebook, Instagram and LinkedIn only offer the authorization provider service for companies and require corresponding certificates. Therefore, I could not test those and only implemented Github and Google.
In general, I am open to include further clients for other authorization providers depending on the needs of the webtrees community.
- xmlf
- Offline
- Junior Member
Because users visit websites because their data is in the webtrees. Using webtrees as a server can better identify the identity of users, and users can only participate in the use of cms after registering with webtrees.
Other cms can also decide whether some content has access by whether the user is approved in webtrees.
Now using webtrees as a client only adds a login method (or simplifies the registration process), and other cms programs can't tell whether this user is a family member.
Wang Family Website of Suining County, China
www.snwsjz.com
A family tree website that is customized, more humanized and convenient for users.
WeChat Automatic login and family tree hangi
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
I think it is more appropriate to use webtrees as the server mode.
Because users visit websites because their data is in the webtrees. Using webtrees as a server can better identify the identity of users, and users can only participate in the use of cms after registering with webtrees.
Other cms can also decide whether some content has access by whether the user is approved in webtrees.
Now using webtrees as a client only adds a login method (or simplifies the registration process), and other cms programs can't tell whether this user is a family member.
Using webtrees as an authorization server is a completely different story and would require an additional custom module.
For my own Joomla/webtrees installations, I think that Joomla is the overall master framework for my genealogy website and webtrees is a sub-component within the overall website. Therefore, it seems to be straightforward to use Joomla as the authorization provider.
The mentioned point "only adds a login method" is true for both cases - with webtrees or the CMS being the authorization provider. Sign in with OAuth 2.0 mainly exchanges the user ID, the user name, and the email address. In theory, a profile could be defined to exchange additional data. However, it would require both the client and the server to agree about the profile, which means specific clients/servers on both sides.
So, the summary is more or less: It does not matter if webtrees or the CMS operates as the provider. However, webtrees operating as a client allows to sign in with Google, Github, and other providers.
Please Log in or Create an account to join the conversation.
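An added sketch, not code from the module or from any poster, of the consistency issue raised in this thread: the sign-in exchanges a user ID, user name and email address, and changing the email in webtrees breaks the link to the provider account, so the next sign-in produces a new entry. It goes beyond the thread by also showing a link keyed on provider plus user ID, which survives the edit; all names and claim values are constructed, and how the module actually stores the link is not shown on this page.

```python
# Added illustration; not code from webtrees or the OAuth 2.0 client module.
# Account, resolve_by_email and resolve_by_subject are hypothetical names.
from dataclasses import dataclass, field


@dataclass
class Account:
    user_name: str
    email: str
    # (provider, provider user ID) pairs linked to this account (constructed model)
    identities: set = field(default_factory=set)


def resolve_by_email(accounts, claims):
    """Find the local account by the email the provider sent."""
    for acct in accounts:
        if acct.email.lower() == claims["email"].lower():
            return acct, False
    acct = Account(claims["user_name"], claims["email"])
    accounts.append(acct)
    return acct, True  # True: a new local entry was created


def resolve_by_subject(accounts, claims):
    """Find the local account by (provider, user ID) instead of email."""
    key = (claims["provider"], claims["user_id"])
    for acct in accounts:
        if key in acct.identities:
            return acct, False
    acct = Account(claims["user_name"], claims["email"], {key})
    accounts.append(acct)
    return acct, True


def demo():
    # Constructed claims: the three values the thread says are exchanged.
    claims = {"provider": "google", "user_id": "1001",
              "user_name": "anna", "email": "anna@example.org"}
    results = {}
    for name, resolve in (("email", resolve_by_email),
                          ("subject", resolve_by_subject)):
        accounts = []
        first, _ = resolve(accounts, claims)         # first sign-in creates the entry
        first.email = "anna.new@example.org"         # email edited locally afterwards
        second, created = resolve(accounts, claims)  # next sign-in, same provider data
        # (same account found again?, new entry created?, number of local accounts)
        results[name] = (second is first, created, len(accounts))
    return results
```

`demo()` returns one tuple per strategy, so the orphaned link and the duplicate entry show up as a second account in the email-keyed run only.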
- Yuk
- Offline
- New Member
- Posts: 21
- Jefferson49
- Topic Author
- Offline
- Senior Member
- Posts: 280
Can this module work with Facebook authorization?
Technically, there is a high probability that the module will work with Facebook, because League has an OAuth 2.0 client for Facebook. However, Facebook, Instagram and LinkedIn only offer the authorization provider service for companies; and require corresponding certifications that you own a company. Therefore, I could not test those.
If someone has a business/company and has a Facebook site for the company, we could try.