OAuth2 authentication provider in Neos - is there a stable base to extend?

I tinkered a bit with OAuth2 authentication lately and used https://github.com/Flowpack/Flowpack.OAuth2.Client as a base (thank you for that).
I built a first draft for Instagram Authentication on top of that package, while refining it I encountered 3 key problems however:

*) Using the package as base for my own authentication has the side effect of bringing a full-fledged Facebook configuration with it which I don't need (but which prevents me from using "allTokens" as strategy - unless I introduce a requestPattern to solve that)
*) I expect people will have a very hard time using this package as base due to lack of documentation - in my case afoeder kindly pasted me some details and ChristianM ( :tophat: ) helped me out on some issues
*) There are multiple packages out atm (Christian's Bootstrap Package https://github.com/neos/twitter-bootstrap, the GA plugin, etc.) and they all seem to have a different way of handling the authentication

The easiest way to continue for me would be putting the classes I need from the Flowpack.OAuth2 package into my own (interfaces, abstract), but package-wise this would be a bad approach. I strongly agree with Dmitri on the fact that "Packages should serve a single purpose"; in this case I could imagine a "Flowpack.OAuth2.Client" package that serves the single purpose of "Providing a base for implementing a custom OAuth2 authentication process" (which it actually could do very well with some tweaks).

Long story short: Is there something on the roadmap for how this should be handled in the future, and what does the Neos team suggest for how to continue?

Hi @floweiss1

I used the package

as base for a generic OAuth authentication that looks like this

It relies on the implementation of the PHP League packages, but gives me the chance of creating a new OAuth authentication provider by passing an array to the authentication providers configuration, given the keys that the PHP League requires to do "the talking".

          # Fragment of the Flow security settings: each entry is one authentication
          # provider; the generic provider class reads the League class name and its
          # constructor options from providerOptions (credential values are placeholders).
          'FacebookProvider':
            provider: Vendor\Application\Security\Authentication\Oauth\Provider\FacebookProvider
            providerOptions:
              implementationClassName: League\OAuth2\Client\Provider\Facebook
              implementationClassOptions:
                clientId: 'CLIENT_ID'
                clientSecret: 'SECRET_KEY'
                graphApiVersion: 'v2.8'
          'LinkedinProvider':
            provider: Vendor\Application\Security\Authentication\Oauth\Provider\LinkedinProvider
            providerOptions:
              implementationClassName: League\OAuth2\Client\Provider\Linkedin
              implementationClassOptions:
                clientId: 'CLIENT_ID'
                clientSecret: 'SECRET_KEY'

and as you can see, the FacebookProvider class doesn't do anything other than pass a token class and the name of the object managing the response from the specific provider.

I hope that it can help you or others :slight_smile:

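The reply above describes the idea (a generic provider that instantiates whatever League class the settings name, with thin per-vendor subclasses) but the attached class itself is not on this page. The following is an added example, not the reply author's, Flowpack's or Neos' code, of how such a config-driven provider can be built on league/oauth2-client with the two checks a practitioner would want: only a League `AbstractProvider` subclass may be instantiated from the configured class name, and the callback is rejected unless the `state` parameter matches the one stored at redirect time. The class names `GenericOAuthProvider`/`FacebookProvider`, the `$session` array, and the added `redirectUri` option are assumptions; the Flow-specific wiring (extending the framework's provider base class and returning a token) is left out.

```php
<?php
declare(strict_types=1);

// Added example (not the reply author's code). Assumes league/oauth2-client and
// league/oauth2-facebook are installed via Composer. $session stands in for
// whatever session storage the framework provides (assumption).
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\ResourceOwnerInterface;

abstract class GenericOAuthProvider
{
    /** @var AbstractProvider */
    private $client;

    public function __construct(array $providerOptions)
    {
        $class = $providerOptions['implementationClassName'] ?? null;
        // The class name comes from configuration: accept only League provider
        // implementations, never an arbitrary class from the autoloader.
        if (!is_string($class) || !is_subclass_of($class, AbstractProvider::class)) {
            throw new \InvalidArgumentException('implementationClassName must be a League OAuth2 provider');
        }
        $options = $providerOptions['implementationClassOptions'] ?? [];
        foreach (['clientId', 'clientSecret', 'redirectUri'] as $required) {
            if (empty($options[$required])) {
                throw new \InvalidArgumentException("Missing implementationClassOption '$required'");
            }
        }
        $this->client = new $class($options);
    }

    /** Step 1: build the redirect URL and remember the anti-CSRF state for the callback. */
    public function getAuthorizationRedirect(array &$session): string
    {
        $url = $this->client->getAuthorizationUrl(['scope' => $this->getScopes()]);
        $session['oauth2state'] = $this->client->getState();
        return $url;
    }

    /** Step 2: verify state (one-time use), exchange the code, fetch the resource owner. */
    public function handleCallback(array $query, array &$session): ResourceOwnerInterface
    {
        $expected = $session['oauth2state'] ?? '';
        unset($session['oauth2state']);
        if ($expected === '' || !isset($query['state']) || !hash_equals($expected, (string) $query['state'])) {
            throw new \RuntimeException('Invalid OAuth2 state parameter, possible CSRF');
        }
        if (!isset($query['code'])) {
            throw new \RuntimeException('Missing authorization code in callback');
        }
        $token = $this->client->getAccessToken('authorization_code', ['code' => $query['code']]);
        return $this->client->getResourceOwner($token);
    }

    /** Vendor subclasses only declare the scopes and how to map the owner object. */
    abstract protected function getScopes(): array;
    abstract public function mapResourceOwner(ResourceOwnerInterface $owner): array;
}

final class FacebookProvider extends GenericOAuthProvider
{
    protected function getScopes(): array
    {
        return ['email'];
    }

    public function mapResourceOwner(ResourceOwnerInterface $owner): array
    {
        $data = $owner->toArray();
        return ['id' => $owner->getId(), 'email' => $data['email'] ?? null];
    }
}

// The same keys as the settings in the reply (credential values are placeholders).
$settings = [
    'implementationClassName' => \League\OAuth2\Client\Provider\Facebook::class,
    'implementationClassOptions' => [
        'clientId' => 'CLIENT_ID',
        'clientSecret' => 'SECRET_KEY',
        'redirectUri' => 'https://example.com/oauth/facebook/callback', // assumption
        'graphApiVersion' => 'v2.8',
    ],
];
$provider = new FacebookProvider($settings);
$session = [];
header('Location: ' . $provider->getAuthorizationRedirect($session));
```

On the callback request, `handleCallback($_GET, $session)` returns the resource owner or throws; the thrown exceptions are the point, since a callback without a matching `state` is exactly the login-CSRF case the League client's `getState()` exists to prevent.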