null

for some reason I thought restfulserver was deprecated in favour of GraphQL?

🤷 (1)
cheddam

RESTful APIs aren't deprecated in favour of GraphQL by the web development community at large - they still provide plenty of advantages. So I don't think this module will be deprecated in the near future.

null

Is there anyone around with experience using bigfork/silverstripe-oauth-login?

null

@kinglozzer @nightjarnz I've kind of got it set up, but the authenticator is always calling itself "Social sign-on" and it can't find my template containing the button

null

Also doesn't seem to replace the default authenticator

nightjarnz

p.s. it's 3AM for Loz because he works for BigFork in Norwich, UK ;P

null

...you know, it would help if I added the YML to the correct project

😂 (1)
null

The "Social sign-on" problem persists though

null

It is indeed lovely, especially if it can totally change the way Active Directory integrations are done

thats4shaw

I set it up a few weeks ago on a project and palmed that bit off - not sure it has progressed since then.

null

Did you use it to replace the default authenticator by chance?

thats4shaw

So the name comes from https://github.com/bigfork/silverstripe-oauth-login/blob/master/src/Form/LoginForm.php.

src/Form/LoginForm.php

<?php

namespace Bigfork\SilverStripeOAuth\Client\Form;

use Bigfork\SilverStripeOAuth\Client\Authenticator\Authenticator;
use Bigfork\SilverStripeOAuth\Client\Helper\Helper;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Core\Config\Config;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\HiddenField;
use SilverStripe\Security\LoginForm as SilverStripeLoginForm;

class LoginForm extends SilverStripeLoginForm
{
    public function __construct(
        $controller,
        $authenticatorClass,
        $name,
        $fields = null,
        $actions = null
    ) {
        $this->setController($controller);
        $this->authenticator_class = $authenticatorClass;
        $this->setFormMethod('POST', true);

        parent::__construct($controller, $name, new FieldList(), new FieldList());

        $fields = $fields ?: $this->getFormFields();
        $actions = $actions ?: $this->getFormActions();

        $this->setFields($fields);
        $this->setActions($actions);

        $this->setTemplate('OAuthLoginForm');
    }

    public function getFormFields()
    {
        $request = $this->getRequest();
        if ($request->getVar('BackURL')) {
            $backURL = $request->getVar('BackURL');
        } else {
            $backURL = $request->getSession()->get('BackURL');
        }

        $fields = FieldList::create(
            HiddenField::create('AuthenticationMethod', null, $this->authenticator_class, $this)
        );

        if (isset($backURL)) {
            $fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
        }

        $this->extend('updateFormFields', $fields);

        return $fields;
    }

    public function getFormActions()
    {
        $actions = FieldList::create();
        $providers = Config::inst()->get($this->authenticator_class, 'providers');

        foreach ($providers as $provider => $config) {
            $name = isset($config['name']) ? $config['name'] : $provider;
            $text = _t(
                self::class . '.BUTTON',
                'Sign in with {provider}',
                ['provider' => $name]
            );

            $action = FormAction::create('authenticate_' . $provider, $text)
                ->setTemplate("FormAction_OAuth_{$provider}");
            $actions->push($action);
        }

        $this->extend('updateFormActions', $actions);

        return $actions;
    }

    /**
     * Handle a submission for a given provider - build redirection
     *
     * @param string $name
     * @return HTTPResponse
     */
    public function handleProvider($name)
    {
        $this->extend('onBeforeHandleProvider', $name);

        $providers = Config::inst()->get($this->authenticator_class, 'providers');
        $config = $providers[$name];
        $scope = isset($config['scopes']) ? $config['scopes'] : ['email']; // We need at least an email address!
        $url = Helper::buildAuthorisationUrl($name, 'login', $scope);

        return $this->getController()->redirect($url);
    }

    /**
     * {@inheritdoc}
     */
    public function hasMethod($method)
    {
        if (strpos($method, 'authenticate_') === 0) {
            $providers = Config::inst()->get($this->authenticator_class, 'providers');
            $name = substr($method, strlen('authenticate_'));

            if (isset($providers[$name])) {
                return true;
            }
        }

        return parent::hasMethod($method);
    }

    /**
     * {@inheritdoc}
     */
    public function __call($method, $args)
    {
        if (strpos($method, 'authenticate_') === 0) {
            $providers = Config::inst()->get($this->authenticator_class, 'providers');
            $name = substr($method, strlen('authenticate_'));

            if (isset($providers[$name])) {
                return $this->handleProvider($name);
            }
        }

        return parent::__call($method, $args);
    }

    /**
     * The name of this login form, to display in the frontend
     * Replaces Authenticator::get_name()
     *
     * @return string
     */
    public function getAuthenticatorName()
    {
        return _t(Authenticator::class . '.TITLE', 'Social sign-on');
    }
}
null

ah, I can use the lang system to replace the name

dorsetdigital
  Bigfork\SilverStripeOAuth\Client\Authenticator\Authenticator:
    providers:
      'Facebook': # Matches the key for '%$FacebookProvider' above
        name: 'The Facebooks'
        scopes: ['email', 'public_profile']
null

That's what I thought too, but it doesn't seem to recognize whatever I put in the "name:" field

null
  Bigfork\SilverStripeOAuth\Client\Authenticator\Authenticator:
    providers:
      'ActiveDirectory':
        name: '...'
        scopes: ['email profile']
null

@firesphere might know about the double-up authenticators? 🙂

null

Screenshot above: I've added an oauth authenticator, but I want it to be the only authenticator

null

but if I set to default: %$Bigfork\SilverStripeOAuth\Client\Authenticator\Authenticator, it replaces the default and adds the oauth as well

null

I need to remove the oauth authenticator if it's replaced default

firesphere

Hmmm, the problem is that the module registers itself, instead of supplying a demo-config to register it (which is the advised way)

null

Yeah, was just thinking if there's a way to define the name that it registers itself as

firesphere

You could try setting default to an empty array or null or false

firesphere

Or remove the supported methods from the Default 😄

null

It doesn't like setting default as anything except a class

null

the oauth name is applied via YML inside the module, so it's effectively hardcoded 😞

null

unless I set that to false/null/default, maybe

firesphere

So, you could check there and unset the desired array key and re-register them on Security

firesphere

singleton(Security::class)->getAuth and setAuth thingies should be able to support you there

null

No luck yet, I'll keep tinkering with it 🙂

kinglozzer

@null oh yeah I hit that a few weeks back, it’s the in-built rendering of multiple authenticators that does it... I managed to get around it by looping over the authenticators manually in my Security_login.ss, I’ll dig up some code when I get to the office

kinglozzer

@null sorry, misunderstood what you wanted to do - I’ve added instructions for removing/replacing the default authenticator: https://github.com/bigfork/silverstripe-oauth-login/commit/ea3e6d0df2e47b5a51b05b644dc7d0b9a30acef9

kinglozzer

More a limitation of core than the module, as core is what forcibly registers the default authenticator (for good reason of course 😉)

kinglozzer

I eagerly anticipate the YAML directive to override rather than merge values 😄

null

I borrowed the example from ldap to show the old authenticator as a fallback with a GET parameter


null

so it works in the same way as Google / Facebook signin buttons do 🙂

null

we can use bigfork's oauth login and there's an azure provider ready to go

null

@dorsetdigital just found out that Azure AD supports Oauth - if it works, it means we don't need to bother with SAML or LDAP at all: https://www.symbiote.com.au/blog/azure-active-directory-and-silverstripe/

null

I could overload the Member.unique_identifier to use the identifier passed back from SAML

null

Good point. I just need the identifier supplied by AD

null

and to use the module, I need to pass it valid creds

null

But it seems to do that, I have to install the LDAP module anyway, otherwise it doesn't recognise the mappings that come back from AD

null

Yeah, I've explained that and it's what the client wants

 
