Sorry I am newbie in Drupal, I was trying Drupal 8 as my website, I have token generate from SSO base on Oauth2 from another website(not Drupal) which is contains uid, name, and some credential. I want to create user with uid from token automatically if not exist in local user db and automatically login if user exist in db or after creating user.
I have try External Authentication module but because there is no documentation, I don't know what must I do to implement this module.
Hope some master can guide me to implement token
What I want is:
How to create function with specific url contains token
Get uid etc base on token then login automatically
How to logout if we using SSO from other website?
Thanks, for your help
Related
I am implementing Google Sign in in my VueJS App and I have a few questions before starting:
How to create a user when a user clicks on Google sign in button?
Do I have to create a custom route just for that?
Do I have to generate a random password because it is mandatory?
When a user is already registered and clicks on Google Sign in.
Do I have to pass Google Token from Vue JS to Symfony, then with google API, verify if token is valid and generate a token from my symfony application?
If you have some good documentation, I'll take it.
To get this started, it's actually a relatively complicated functionality to implement. This is because you'll have to use custom (maybe multiple if one can both login with Google account or register to your own website) guard authenticators. Moreover, you will need to use an OAuth bundle like KnpUOAuth2ClientBundle or HWIOAuthBundle.
The answer to your questions:
You have to create a custom route for that but you do not need to generate a random password, you can just make password nullable and add checks that it is null only for users logged in through Google (if it's not possible for you then just add something random as password). Additionally, I would propose to add a field provider to your User entity if you are providing both google and your own authentication. You should set this to 'google' or 'website respectively.
The user authentication process is being handled by Google and you are getting an access token as response that contains user's information like name, email etc, so you do not really have to worry about validating passwords etc.
This article helps you get started with KnpUOAuth2ClientBundle.
I have a Wordpress/WooCommerce installation using Wordpress itself for authentication. I want to switch to LDAP-based authentication (e.g. OpenLDAP). How can I migrate existing users with minimal intervention on their part?
Ideally they would simply continue using their pre-existing credentials for Wordpress and for any other resources using the same LDAP database.
In addition, new users created via WooCommerce purchases should be created as LDAP users.
(Existing plugins like Simple LDAP Login seem to handle creating Wordpress users for pre-existing LDAP credentials just fine. I'm looking for support in the other direction.)
I think you'll have to develop this task yourself. You could check tools like : https://lsc-project.org/start which will allow you to configure mapping and synchronising SQL database to LDAP directory and schedule the task regularly (or trigger it on new row in the DB)
Only point where you could have some problem would be the "keep their credentials". I don't know wordpress, but if the hashing and/or crypting mechanism of the passwords are not natively supported by OpenLDAP, you will have to hash the clear password of the user to store it with a mechanism compatible.
One way would be to tell every user that the password will be reset and that they will have to retype it (some custom landing page where you authenticate the user with his credentials on the wordpress DB and if successful write the password on the LDAP)
Another way would be to deploy some self service password with all account reset and a need to re-set them with a link send to their email (from the LDAP). There are tools like that, for example : https://ltb-project.org/documentation/self-service-password
Follow Esteban's advice I developed a solution as follows:
Wordpress interface
Install Simple LDAP Login
Install JWT Authentication for WP REST API
Users authenticate against LDAP, fall back on Wordpress
"Change password" sends them to new interface
New interface
User logs in via new interface
Users authenticate against LDAP, fall back on:
Authenticate against Wordpress via JWT. On success:
Create LDAP user (we have the password)
Delete Wordpress password hash (no longer needed, forces LDAP-based authentication in future)
Workflow
Existing users can sign in via Wordpress or the new interface. Once they use the new interface (to sign in or change their password), they are migrated to LDAP-based authentication.
New users are registered in LDAP. They can sign in via Wordpress or the new interface, both backed by LDAP.
We have a custom app hosted in Firebase (Google's Backend as a service). We would like to use Shopify's authentication so the user doesn't have to create an account in the app as well as the Shopify store (where we require accounts).
The key: I need to have some mechanism (like an API) that I can use to have Shopify authenticate a user. (Assume the customer has already created an account in the Shopify store. Account creation will be handled by the normal Shopify process.)
I can create a page in my app to ask for email / pass. Is there some way to send this info (perhaps along with some sort of token generated from a private app) to authenticate the customer? I just need Shopify to confirm whether the email / pass is correct, so I can then 'login' the user into my Firebase app.
Any direction / thoughts / suggestions are greatly appreciated.
PS. Firebase offers a 'custom authentication' option, along with email, Google+, Facebook. The custom auth option requires sending user / pass to the authentication server, which in this case, would be Shopify.
EDIT: Based on the responses, edited to clarify that I need some way to authenticate the user in Shopify. Handling the custom auth into Firebase seems like a fairly straightforward task, once I receive some sort of signal from Shopify telling me the users email / pass is valid.
This is a classic use case for custom Auth with Firebase. You send email/pass to your backend, authenticate with shopify, on success create a custom token with the user's id (most likely using shopify's user id), send it back to the client which would signInWithCustomToken signing in to Firebase.
Customer logs in to Shopify
Logged in Customer has an ID
Use App Proxy in your App to accept this ID using a secure callback
Use the Shopify API to look up the customer with the secure ID
If customer is found, they are then authentic and can use your App
Why is that not a useful and simple pattern for you to use?
You should take a look to Shopify MultiPass. Although, you need Shopify Plus that is very expensive.
I'm currently working on a project where we want to connect facebook profiles to existing (and logged in) Okta users.
The website is made in ASP.NET using Sitecore 6.5.
We use the "Authorize URL" to do our login and account linking with redirect callouts.
I can register and create an account with the facebook identity provider when the user isn't logged in in Okta. In this case it follows the Callout redirects and we get a tx_id. Hover when you're logged in to Okta and you visit the same "Athorize URL" it follows the redirect_uri where you get a id_token as result. this is an JWT string which I managed to decode (example result).
How can I use the information in the JWT to link a user to the identity provider? Or is there another way to do this? I can't find any methods or API calls to add a user to an identity provider without the tx_id.
I believe you used https://developer.okta.com/docs/api/resources/social_authentication.html to add FB social auth for users. Yes, once you browse the final url
https://example.okta.com/oauth2/v1/authorize?idp=0oa0bcde12fghiJkl3m4&client_id=AbcDE0fGHI1jk2LM34no&scope=openid%20email%20profile&response_type=id_token&response_mode=fragment&state=someState&nonce=someNonce&redirect_uri=https://app.example.com/social_auth
you will be redirected to your app https://app.example.com/social_auth with id token in the url. In the redirected app you can read, decode and create session for user. However, the same user profile is also created in Okta.
Once the social auth user profile is created in Okta, you can use that to get id token next time.
I am developing an android app for an eCommerce site that is built in wp-woocommerce.
I really don't know much about wp.
I have read http://woothemes.github.io/woocommerce-rest-api-docs/ and have developed almost all the android app. but I was unable to find a way to validate the username and password of the customer via rest API.
I just want to pass the username and password and expect the result as pass or fail.
Thanks in advance for your kind help.
Unfortunately, WooCommerce REST API doesn't deal with login/logout (customers) as they are treated as WordPress users with CUSTOMER roles.
The API KEY and SECRETE is for your app to fetch data as products - orders etc... You have to use WordPress API login methods to access user information, signup new users/customers,.
WordPress REST API / Auth
If you prefer to use JWT there is many plugins in the plugins repo.I have used this one: Simple JWT Login – Login and Register to WordPress using JWT and works good.