What is OAuth?
The idea behind OAuth is to get rid of the need to register separately with all the websites out there that require registration before you can use them. Instead of having to keep track of all the different accounts, you can use one login on every website that supports OAuth.
To quote the OAuth homepage:
- "An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications."
OAuth is a free and open protocol. It is not owned by any corporation.
OAuth in Geeklog
OAuth support in Geeklog differs slightly from the Remote Authentication support, but only in that it requires a separate login prompt.
To activate OAuth support there are several steps.
First you must go to the Configuration Admin panel:
- Configuration > Geeklog > Users and Submissions > Users > User Login Method[OAuth]
Set this option to "true". Just below this configuration option you will find the other OAuth settings. Currently Geeklog supports logging in via Facebook, LinkedIn and Twitter via OAuth. For each of these three login methods you will find an option to enable it and two text boxes for you to enter an Application Id and Application Secret Key (see below to find out how to get an Id and Secret Key). Each of these items needs to be filled out before the login button for it will be enabled. Once you have filled out the required information remember to then save the configuration changes.
Other requirements needed to enable Geeklogs OAuth Login process is you must have the PHP extension OpenSSL loaded on your web server.
When you log out, you will see one or more new login buttons in your site's User Functions block, below the normal login options:
As the "http" suggests, your OAuth is really a URL that you use for the login (hence the need for a separate login prompt). Note that you will not enter your password on the site you are about to log in to. Instead, you will be taken to your OAuth provider (the place where you registered your OAuth) and enter the password there. So the Geeklog site will never see your OAuth password - it will only get an "okay" back from the OAuth provider if you authenticated successfully.
Once a user has logged in via OAuth, they are just like any other Geeklog user. They can be added to groups, change their profile, do whatever else you allow your users to do on your site. And yes, OAuth users can also be banned.
Users that log in through OAuth are automatically added to the "Remote Users" group.
- Currently, OAuth 1.0 is supported (OAuth 2.0 is still in development).
OAuth Login Methods
Access Facebook 'Create an Application' page, and input form. http://developers.facebook.com/setup/
Access LinkedIn 'List of Applications' page, and click 'Add New Application'. https://www.linkedin.com/secure/developer
Access 'Applications Using Twitter' page and click 'Register a new application »'. https://twitter.com/apps
Application Type: Select 'Browser' Callback URL: Input URL same as Website Default Access type: Select 'Read & Write' Use Twitter for login: Check