Re: How to treat the OAuth2 redirection


elin

May 15, 2013, 11:05:56 AM
to joomla-...@googlegroups.com
Hi Ruben,

One thing you might want to do is look at how the JIssues team is handling authentication with GitHub.

Elin

On Saturday, May 11, 2013 1:02:32 PM UTC-4, Rubén Rodríguez Aparicio wrote:
Hi everybody,

I am Ruben Rodriguez and I have presented one proposal for Google Summer of Code for "Remote web services management". I have some previous experience with web services and with Joomla as a user, but not as a developer of Joomla CMS. Because of this, I am using these previous days to practice with Joomla CMS and try to understand how it works.

I am working right now on a plugin to use Facebook authentication using the existing libraries in Joomla CMS for Facebook. My first idea, after looking at the other authentication plugins, was to create a new one that will connect to Facebook to do the authentication, but then I found the problem with how OAuth2 works:

- Redirect the user to Facebook.
- Ask the user to let the app use their data.
- Redirect to the Joomla site with an auth token.

So, when the user is redirected again to the Joomla site, it is out of the authenticate method and the token is not used.
The first thing that went through my mind was to use one of the system events to check before the page is loaded if there is a token in the request and do the authentication, but I am not sure about that.

Do you have any advice on how I should treat this in Joomla? Somewhere to take a look?

Thanks in advance.

Ruben

Rubén Rodríguez Aparicio

May 16, 2013, 5:32:08 AM
to joomla-...@googlegroups.com
Thanks for your replies!

Elin, I will take a look at how JIssues does it and see what I can use.

Diana, I understand that the client works like it should. I will try to explain the problem better and how I am trying to solve it now.

The first idea is to make a plugin that will handle the authentication using Facebook. To do that I took a look at the Joomla authentication plugin and saw how it works. After that I began creating an authentication plugin that has the method onUserAuthenticate. Inside this method (which will be triggered when a user wants to authenticate) I use the Facebook library to try to authenticate the user using JFacebookOauth. Then the redirection flow happens, I come back to the Joomla site with the token and I should have to store it somewhere, but since after the redirection I am out of the scope of the login scenario, I cannot continue with the login.

Now I am trying to solve this issue with the creation of a second system plugin that has the method onAfterInitialise(), so it is executed when the application initialise method has been called. Inside this method I check if there is a "code" in the URL params and, in that case, it takes the application and calls the login method again, but this time the code is in the URL so the login will be completed. I have just begun working on this solution, so I don't know if it will really be a solution or if there will probably be a better option.

Thanks again for your feedback and help.

Ruben Rodriguez

Rubén Rodríguez Aparicio

May 18, 2013, 2:47:44 PM
to joomla-...@googlegroups.com
Hello everybody,

I have finished the first version of the plugin. As I said in my last message, I created a second plugin to handle the redirection. It checks after the initialization if there is a code in the URL. If so, it calls the login methods of the app. You can check this plugin in my GitHub repository: https://github.com/rubrodapa/pl_oauth2logintreatment

Also you can have a look at the Facebook authentication plugin here: https://github.com/rubrodapa/pl_facebookauthentication. It uses the Facebook libraries in Joomla to authenticate and check if there is a user registered with the same email. In that case the user is logged in to the website.

If you want, you can also give feedback on my proposal for the Google Summer of Code. The creation of these plugins is a small part of it, which will be centered on the management of remote web services. You can check it here: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/rubrodapa/1

Thanks!

Ruben
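
The callback check described in the messages above (a system plugin that looks for a `code` in the request after initialisation), as an added example that is not taken from the linked plugins or from Joomla: it hands the `code` to the login step only when the request also carries the OAuth2 `state` value that this same session generated before the redirect. The function names, the `oauth2.state` key and the plain array standing in for the site's session are assumptions.

```php
<?php
// Added example: plain PHP, no Joomla classes. $session is an array that
// stands in for the site's per-visitor session store (assumption).

// Call this right before redirecting the visitor to the provider. The returned
// value is sent as the "state" parameter of the authorization request.
function oauth2_begin(array &$session): string
{
    $state = bin2hex(random_bytes(16));   // unguessable, per login attempt
    $session['oauth2.state'] = $state;
    return $state;
}

// Call this early on every request (the thread does it in onAfterInitialise).
// Returns the authorization code to pass on to the login routine, or null
// when the request is not a callback that this session started.
function oauth2_callback_code(array $query, array &$session): ?string
{
    $code = $query['code'] ?? null;
    if (!is_string($code) || $code === '') {
        return null;                      // ordinary page request
    }
    $expected = $session['oauth2.state'] ?? null;
    unset($session['oauth2.state']);      // single use, also on failure
    $given = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($given)
        || !hash_equals($expected, $given)) {
        return null;                      // code not tied to our own redirect
    }
    return $code;
}

// Constructed sample requests (values are placeholders, not real codes).
$session = [];
$state = oauth2_begin($session);
$callback = ['code' => 'SAMPLE_CODE', 'state' => $state];
var_dump(oauth2_callback_code($callback, $session));   // first delivery
var_dump(oauth2_callback_code($callback, $session));   // same URL again

$session = [];
oauth2_begin($session);
var_dump(oauth2_callback_code(['code' => 'SAMPLE_CODE'], $session)); // no state
var_dump(oauth2_callback_code(['view' => 'article'], $session));     // no code
```

Without the `state` comparison, any URL containing a `code` parameter would trigger the login call, including one a visitor was sent to by a third party.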