AuthUserFederated

Summary: OpenID and OAuth authentication extension for AuthUser
Version: 2012-11-03
Prerequisites: pmwiki 2.2+, authuser
Status: In active use
Users: +1 (View / Edit)

Questions answered by this recipe

How can I add "login with google" or "Login with OpenID" options to my PMWiki?

Description

OpenID and OAuth authentication extension for AuthUser.

This recipe adds two new directives:

  • (:google_loginbox:) and
  • (:openid_loginbox:)

Former being a shorthand for using Google's open id service @ "https://www.google.com/accounts/o8/id".

Notes

Not compatible with AuthUserOpenId as this is a new version.

Uses Mewp's LightOpenID class (http://gitorious.org/lightopenid) for communication with OpenID providers.

New Installation Process

1. Copy the files authuserfederated.php an openid.php from the release zip to the cookbook directory.

2. edit your local/farmconfig.php or local/config.php file just before line including authuser.php to add the following line

 include_once("$FarmD/cookbook/authuserfederated/authuserfederated.php"); // Must be included before authuser

3. Add following lines to your wiki's page SiteAdmin.AuthUser

 google://module
 openid://module

4. Modify your wiki's Site.AuthForm Page to include (suit to your needs):

 (:if enabled BadOpenID:)* $[OpenID identifier not recognized]
 (:google_loginbox:)
 (:openid_loginbox:)\\

5. Modify you wiki's Site.PageActions (and other similar locations) to add

 (:if authid:)
 %item rel=nofollow class=logout    accesskey="$[ak_logout]"%''  [-[[{*$FullName}?action=logout | $[Logout] ]]-]''

6. Set your permissions as you wish

7. Test the authentication schemes.

Upgrade from 2010 version instructions

1. Copy the files authuserfederated.php an openid.php from the release zip to the cookbook directory.

2. Delete the old authuserfederated folder

3. Update your wiki's Site.AuthForm Page to include and suit to your needs):

 (:if enabled BadOpenID:)* $[OpenID identifier not recognized] 

4. Modify you wiki's Site.PageActions (and other similar locations) to add

 (:if authid:)
 %item rel=nofollow class=logout    accesskey="$[ak_logout]"%''  [-[[{*$FullName}?action=logout | $[Logout] ]]-]''

Changing the Author value to a unique value

If you require a unique Author id (which is a good idea if you are using id for edit and admin rights) you'll want to do something other than use First and Last name. If you expect emails to be unique, you can reformat the contact email to a unique id by replacing:

  if(!empty($attr['namePerson/first']) && !empty($attr['namePerson/last'])){
    $_POST['authid'] = $attr['namePerson/first'].$attr['namePerson/last'];
  }

with this:

  if(!empty($attr['contact/email'])) {
    $auth_contact = $attr['contact/email'];
    $_POST['authid'] = str_replace("@", ".at.", $auth_contact);
  }

Release notes

  • 2010-06-28 highly experimental first release (Note: Old Version for reference purposes authuserfederated_20100628.zipΔ
  • 2012-Nov-03 Major Update: authuserfederated_20121103.zipΔ
    • Updated OpenID.php to latest version (as of publication date)
    • Fixed many issues preventing authentication
    • Added cleaning up of URL when finished
    • Added a global var when OpenID fails (e.g. with improper URL)

If the recipe has multiple releases, then release notes can be placed here. Note that it's often easier for people to work with "release dates" instead of "version numbers".

See also

Contributors

Comments

This space is for User-contributed commentary and notes. Please include your name and a date (eg 2007-05-19) along with your comment. Optional alternative: create a new page with a name like "ThisRecipe-Talk" (e.g. PmCalendar-Talk).

See discussion at AuthUserFederated-Talk

User notes +1: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.