I am trying to implement openid selector into my website, I wonder what is the try_auth file that I need for my openid selector to work?
All I want user to login into my website is using only their google account, so could anyone help me out? I have been doing alot of research and I didn't find a successful way of doing so. I am using PHP for my back end development.
Perhaps if someone could help explain how everything works that will be great, as well I didn't plan to use DB to store any user login. I know I have to have a session variable to check in every page whether user have login or not.
openid-selector is just a nice front-end for choosing which OpenID provider to use for signing in.
You also need a library that does the according back-end stuff. In your case this missing file is part of php-openid: https://github.com/openid/php-openid
Related
Okay, So I have a client that wants their wordpress site to only require user to use their email to login. They instead want the site read through a google spreadsheet of all the users. Then if the users email is found in the spreadsheet it allows the user to login.
Before people start screaming, I know its extremely bad from a security stand point, we've told them this. They don't care.
So my question is, has anyone one done this or something similar in the past. How did you do it.
And how would say is the best way to go about doing this. So far I have thought of a few ways to do it.
Secretly embed the doc on a hidden web page then access it.
Some how just access it using APIs
Maybe using google forms as the email entry, and some how use that to search the google docs.
Any ideas or helps, is appreciated greatly. Thank you.
Logging in via an email address is easy, there are already plugins to do it. https://wordpress.org/plugins/wp-email-login/
There is also a plugin for external authentication. Don't know if it does it from a spreadsheet, though you may have a way to sync the spreadsheet to an external DB (via an API perhaps):
https://wordpress.org/plugins/external-db-auth-reloaded/
Would you need the logged in user to have any user-specific account info? Could you get by with allowing each logged in user to essentially be using the same single account in WordPress?
I could see a solution where you hook into wp_authenticate() https://codex.wordpress.org/Plugin_API/Action_Reference/wp_authenticate
And in your hook function call, run out to Google Spreadsheet via their API and see if that email address is found in the list. If so, log them into WP using a preset, single account that's meant to be used for all such users.
Here's some basic info for reading from a Google Sheet via their API:
https://developers.google.com/sheets/samples/reading
I'm trying to implement login and registration on a page using the Facebook API for both JS and PHP SDK 4.0. The 4.0 SDK seems relatively new and have changed a lot in recent time. There aren't a lot of answers out there. The documentation also seems pretty poor.
I already have a page with standard login using php/mysql. This will just be another option of login/registration for users.
After a couple of years just reading on Stackoverflow, this is my first post. Sorry in advance if it's in some way inadequate.
This is how I figure I would like to set this up:
A Facebook-button next to the login with a JS Facebook-login dialog connected to it.
If the user authorizes: send the result with an ajax-request to a php-page
Use FacebookJavaScriptLoginHelper to set up a session.
Get a long life access-token with getLongLivedSession.
Make a request for /me. Check if the email for this account is already a user on my site.
If not already a user: Ask for a username, register the user with info from Facebook.
Connect the account by saving the internal userid and the access-token in my database
Questions so far:
Am I supposed to send the token with my AJAX-call from the client, or would this be a security risk? I could just fetch the token with the PHP SDK instead.
Should i store the token with $_SESSION? Should I even store this manually myself? If so, is there built in functionality for this in the PHP SDK? Couldn't find any.
When a user has gone through this process I want to be able to check server side directly on page load if the user has authorized my app (and is logged in on FB).
Am I supposed to acquire the access-token using $_SESSION, or is there functionality for this? Isn't there any built in functionality to do a standard check if the user is authorized already?
When doing this in PHP, should I use the FacebookRedirectLoginHelper? Seems a bit odd since I'd never want to redirect with PHP, when my login dialogs will be with JS.
Maybe I've gotten the gist of this all wrong. My main concern is if I really would have to be storing the token with $_SESSION. I've seen a lot of people doing it in tutorials, but found nothing about it in Facebooks docs.
Thank you for your detailed post. Not a lot of people put so much effort in their first post ;)
The token you refer to is automatically stored in the cookie by the JS SDK. You can instantiate a session on the PHP side in the following way:
$js_helper = new FacebookJavaScriptLoginHelper($app_id);
$session = $js_helper->getSession();
Or: https://developers.facebook.com/docs/php/FacebookJavaScriptLoginHelper/4.0.0
You don't have to store the token by yourself, since it's already stored in the cookie.
Does this make the situation more clear?
For a project I am working on, I think having the functionality to sign in with facebook/ twitter would be beneficial.
I have some design theory to iron out.
When the user first logs into the website using either twitter or facebook, I'll get their email and other relevant information and store it in the database where a normal signed up user would be stored.
When they return, they would log in with twitter/ fb again and it would locate the information in the database and not add it again.
If anyone tried to sign up with the email address provided by either of these services, an email would be sent to the email address to confirm it is them and then they could generate just a password to allow them to log in with information already stored.
I could they link other data on the website to the userid I have stored for them throughout the entire process.
So my query would be whether this is the correct way to go about this?
How have others used these types of login api's and then binded them to on site data?
I believe this to be a reasonable question but if I have placed it in the wrong section, please feel free to move it!
Thanks.
well, everything should be written here http://developers.facebook.com/ also try using php sdk for facebook api, for twitter here https://dev.twitter.com/
Create an app in both fb and twitter, take the access token and access token secret
You should download all the files necessary and then configure them as is written in manual, if you will have trouble connecting to them write me a message to my mail(jurijs.nesterovs#inbox.lv) i'll try to help
Have done that before myself for my site. It was Fb/Twitter/Google. I bet thats the best thing to do. Google's API is the easiest out of these 3. Twitter was hard for me since I dont use OOP and all the libraries out there was OOP.
And about your design, my site was made not to not allow the user to join with the same email again. If they have joined using Facebook with an email, when they try to join using twitter with the same email, I would tell the user that they are already registered using Facebook.
I have been having a goosey around the login functions of stackexchange, and I have noticed that depends on what you click, it adjusts a form with either OAuth information, or OpenID information in the form of the query which submits the form to a script inside of stackexchange, and I was wondering if anyone had the information for how the script would communicate with that particular service and use the returned information to login, as well as fetching additional information about that account from the service.
If anyone has any scripts or snippets, PHP would be preferred.
The Janrain OpenID Libraries are pretty good. They have a few quirks when it comes to extending them, but I think for your purposes they will be fine.
Facebook does NOT do OpenID. For Facebook you will need to use a different library (and that is something I have not done, so I cannot comment on it).
I have noticed some Twitter Applications manage to get a particular users Location, Name, Profile Image etc using just the twitter username?
Hows is this possible?
I ask because I have not come across any where in the Twitter docs on how you can do this. I can get a users details myself using oAuth when the user provides my app permission but thats it.
Would be grateful if this could be cleared. I hope its not the use of CURL as this is not a good idea in my eyes. If there is another way, is there a PHP implementation that I could use.
Thank you for any help.
Update
I did not know that existed! Is there a PHP wrapper or class someone has written to use that ? Sorry, I am complete noob and I relay on wrappers and simple function calls!
It's returned by the users/show call from the API.
For example:
http://twitter.com/users/show.xml?screen_name=dougw
The API wiki lists a PHP library FWIW.