print · login   

Summary: OpenID and OAuth authentication extension for AuthUser? Version: 2018-02-08 Prerequisites: pmwiki 2.2+, authuser Status: In active use Maintainer: , Users: (View? / Edit?) Categories: Administration, Security

Questions answered by this recipe

How can I add "login with google" or "Login with OpenID" options to my PMWiki?

Description

OpenID and OAuth authentication extension for AuthUser?.

This recipe adds two new directives:

  • (:google_loginbox:) and
  • (:openid_loginbox:)

Former being a shorthand for using Google's open id service @ "https://www.google.com/accounts/o8/id".

Notes

Not compatible with AuthUserOpenId? as this is a new version.

Uses Mewp's LightOpenID class (http://gitorious.org/lightopenid) for communication with OpenID providers.

New Installation Process

1. Copy the files authuserfederated.php an openid.php from the release zip to the cookbook directory.

2. edit your local/farmconfig.php or local/config.php file just before line including authuser.php to add the following line 

 include_once("$FarmD/cookbook/authuserfederated/authuserfederated.php"); // Must be included before authuser

3. Add following lines to your wiki's page SiteAdmin.AuthUser 

 google://module
 openid://module

4. Modify your wiki's Site.AuthForm Page to include (suit to your needs): 

 (:if enabled BadOpenID:)* $[OpenID identifier not recognized]
 (:google_loginbox:)
 (:openid_loginbox:)\\

5. Modify you wiki's Site.PageActions (and other similar locations) to add 

 (:if authid:)
 %item rel=nofollow class=logout    accesskey="$[ak_logout]"%''  [-[[{*$FullName}?action=logout | $[Logout] ]]-]''

6. Set your permissions as you wish

7. Test the authentication schemes.

Upgrade from 2010 version instructions

1. Copy the files authuserfederated.php an openid.php from the release zip to the cookbook directory.

2. Delete the old authuserfederated folder

3. Update your wiki's Site.AuthForm Page to include and suit to your needs): 

 (:if enabled BadOpenID:)* $[OpenID identifier not recognized]

4. Modify you wiki's Site.PageActions (and other similar locations) to add 

 (:if authid:)
 %item rel=nofollow class=logout    accesskey="$[ak_logout]"%''  [-[[{*$FullName}?action=logout | $[Logout] ]]-]''

Changing the Author value to a unique value

If you require a unique Author id (which is a good idea if you are using id for edit and admin rights) you'll want to do something other than use First and Last name. If you expect emails to be unique, you can reformat the contact email to a unique id by replacing: 

  if(!empty($attr['namePerson/first']) && !empty($attr['namePerson/last'])){
    $_POST['authid'] = $attr['namePerson/first'].$attr['namePerson/last'];
  }

with this: 

  if(!empty($attr['contact/email'])) {
    $auth_contact = $attr['contact/email'];
    $_POST['authid'] = str_replace("@", ".at.", $auth_contact);
  }

Release notes

If the recipe has multiple releases, then release notes can be placed here. Note that it's often easier for people to work with "release dates" instead of "version numbers".

See also

Contributors

Comments

This space is for User-contributed commentary and notes. Please include your name and a date (eg 2007-05-19) along with your comment. Optional alternative: create a new page with a name like "ThisRecipe-Talk" (e.g. PmCalendar-Talk).