oAuth2 + PHP-auth implementation #296

Open
ponasromas opened this issue Oct 25, 2023 · 1 comment

@ponasromas

Well, I know how to implement oAuth2, but how to pair it with PHP-auth?

Example:

  1. User goes to domain.tld/register
  2. User chooses GitHub as registration method
  3. oAuth2 lib used
  4. User goes to domain.tld/login
  5. User chooses GitHub as login method

Now, how to actually "login" the user via PHP-auth? Because the main authorization library would still be PHP-auth. Is it possible to programmatically "login" a user?

@Peabo83

Peabo83 commented Nov 1, 2023

I've implemented what you're talking about with Google OAuth. I'm not familiar with the process of GitHub authorization, but I assume it would be similar. Here is the process I've implemented:

1. User goes to domain.tld/register
2. User creates an account
3. User is emailed a verification key/token (as outlined in the php-auth documentation for $auth->register)
4. User clicks the link in their account, they hit the site, their account is verified, and they are automatically logged in
5. User logs out
6. User attempts to now log in using the Google OAuth button
7. Google OAuth provides a $_POST['credential'] value with login that can be used to verify a user's account. In these creds is a unique Google ID that I store in the php-auth database as part of the user's information. So when the user attempts to log in with Google I match their email and OAuth creds for login. This allows the user to log in with OAuth or the 'login with google' button.

Alternatively, this process can be reversed:

  1. User uses the 'login with google' button
  2. System uses info in $_POST['credential'] to create a new account, and automatically logs the user in (no authentication email is sent)
  3. User then requests a password reset via domain.tld/reset
  4. User account is emailed a password reset link
  5. User resets their php-auth password, allowing them to log in with a U/P or the 'login with google' button.

So when a user attempts to log in with OAuth, the $_POST['credential'] value is pulled for the user's email and Google unique ID. If $_POST['credential'] passes authentication, the user is logged in via $auth->login. I would assume GitHub passes similar user data.
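
The matching step described in the comment above, sketched as an added example that is not part of the thread or of the PHP-Auth project: it decides whether verified Google ID token claims should log in, link, create, or be rejected. Assumptions: the token signature was already checked server-side (for example with `Google_Client::verifyIdToken()`), the Google ID is stored in a hypothetical `google_sub` column, and the library is delight-im/PHP-Auth, whose administration interface provides `logInAsUserById()`.

```php
<?php
declare(strict_types=1);

// Added example; all data is constructed. $claims is the payload of a Google ID
// token whose signature was already verified server-side. $users stands in for
// the PHP-Auth users table plus a hypothetical `google_sub` column.
const GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];

function resolveOAuthLogin(array $claims, array $users, string $clientId): array
{
    // Reject tokens minted for another app, from another issuer, or expired.
    if (($claims['aud'] ?? null) !== $clientId
        || !in_array($claims['iss'] ?? '', GOOGLE_ISSUERS, true)
        || (int) ($claims['exp'] ?? 0) < time()) {
        return ['action' => 'reject', 'reason' => 'bad token'];
    }
    $sub = (string) ($claims['sub'] ?? '');
    if ($sub === '') {
        return ['action' => 'reject', 'reason' => 'missing sub'];
    }
    // 1. Returning OAuth user: match on the stable Google ID, not the email.
    foreach ($users as $u) {
        if ($u['google_sub'] === $sub) {
            return ['action' => 'login', 'userId' => $u['id']];
        }
    }
    // 2. Not linked yet: only trust an email that Google marks as verified.
    $email = strtolower((string) ($claims['email'] ?? ''));
    if ($email === '' || !filter_var($claims['email_verified'] ?? false, FILTER_VALIDATE_BOOLEAN)) {
        return ['action' => 'reject', 'reason' => 'email not verified'];
    }
    foreach ($users as $u) {
        if (strtolower($u['email']) === $email) {
            // Existing password account: store $sub on it, then log in.
            return ['action' => 'link', 'userId' => $u['id'], 'sub' => $sub];
        }
    }
    // 3. Unknown user: create the account first (the "reversed" flow).
    return ['action' => 'create', 'email' => $email, 'sub' => $sub];
}

$users = [['id' => 7, 'email' => 'alice@example.com', 'google_sub' => null]];
$claims = ['aud' => 'my-client-id', 'iss' => 'https://accounts.google.com',
           'exp' => time() + 300, 'sub' => '1234567890',
           'email' => 'Alice@example.com', 'email_verified' => true];
$result = resolveOAuthLogin($claims, $users, 'my-client-id');
echo json_encode($result), PHP_EOL;
// For 'login' or 'link', start the PHP-Auth session without a password:
//   $auth->admin()->logInAsUserById($result['userId']);
```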
