1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Suggestion] XenForo Connect

Discussion in 'XenForo Suggestions' started by Onimua, Aug 18, 2010.

  1. Onimua

    Onimua Well-Known Member

    Sort of sprung up from when I was going to reply to this thread, but I decided to make it a new thread since this would be different from the approach brought up there.

    Similar to Facebook Connect, it would allow administrators to build sites on other domains and by including a file/provide a login and password, you can plug into an XF installation and pull information as needed via API calls.

    For example, I can have DomainA be my XenForo installation and DomainB would another site that does not have an XF installation on it. If I want to build a customized experience, I could simply include a file from DomainA and include it on DomainB.

    Once that's done, the user could simply log into the site on DomainB and all their information (username, avatar, email, usergroup permissions) get passed to it. If I want to get any other information, I can use a simple call to get posts or threads by them, but mainly I can then know who a user is on DomainB and handle it how I want.
     
    otto, Andrej, Alfa1 and 13 others like this.
  2. Brandon_R

    Brandon_R Guest

    oAuth implementation is nice.

    I agree but i doubt this will get implemented.

    On the other hand, xenForo does use the zend framework somewhat, if they still have it in there when it gets released then an API could be easily created with Zend oAuth's classes.
     
  3. Floris

    Floris Guest

    I believe I read about openid being considered, you can just make openid.yoursite.com and use that one. This should perhaps resolve it for other sites you own if you point them to the same openid provider (that you run)?
     
    CallieJo likes this.
  4. David Thomas

    David Thomas Active Member

    As a developer, this would be quite the Godsend. I'm currently working on a network now, and integrating x-amount of unique software is a huge pain. Something like a global.php in MyBB, except solely for sending user information, so you don't run into issues with clashing variable names or other "fun" integration roadblocks.

    But taking this further, we could, as suggested in the thread, implement oAuth (even as a third-party mod). Then, essentially, we could network XenForo forums by allowing our users to use oAuth to authenticate to other forums, as Twitter allows you to do. So a user from my site could visit and post at your site without actually needing to make a new account. We could potentially take down social networks with such a feature, mwuahahahah!!!!

    Of course, such a solution would require we make it secure, since user information would be going between sites.
     
    CallieJo likes this.
  5. CallieJo

    CallieJo Active Member

  6. David Thomas

    David Thomas Active Member

    Except OpenID would require the user putting in some URL to login that they'd either need to memorize or copy/pasta into the OpenID field. oAuth works exactly like Twitter authentication does right now, where it says "Do You Want To Connect 'Allow' or 'Deny'". If the user isn't logged in, they just login using their "base" forum details, since the popup would technically be hosted on your own server.
     
    CallieJo likes this.
  7. CallieJo

    CallieJo Active Member

    I like the sounds of oAuth! Thanks for explaining.
     
  8. Jason

    Jason Well-Known Member

    People tend to confuse the two.

    OpenID is used for authentication (i.e., proving who you are; single sign-on). All it's intended to do is allow an OpenID provider to prove you are who you say. OAuth, on the other hand, is about authorization -- meaning you are authorizing a third party access to data/functionality, without them having to deal with the original authentication (e.g., they don't need the user's username/password). The user can later revoke such authorization, as well.

    The two can be used together, and indeed, a lot of sites use identity authentication to provide authorization; however, the two can be separated out.
     
    laztrix likes this.
  9. David Thomas

    David Thomas Active Member

    Thank you for clearing that up, Jason! It is a bit confusing, to say the least.

    I guess my point was, for the kind of system I was describing, oAuth would be a better fit in general.
     
  10. Jason

    Jason Well-Known Member

    That it is, and most people are probably not even aware they most likely already have an OpenID.

    I too would say OAuth is a better fit for what you're wanting to do, especially since you would not necessarily be in control of the data on these external forums.

    The great thing is, whether XenForo (by default) allows you to provide and consume oauth/openid, it's relatively easy to add yourself.
     
  11. David Thomas

    David Thomas Active Member

    Yeah I was looking into oAuth the other day, and it's really not that difficult.

    My thinking is, though, even if it's in 2.0 or 3.0, having it by default would potentially mean more sites to connect with, since some admins may not know a mod exists or don't want to install a mod for fear that it becomes unmaintained.
     
    CallieJo and Blandt like this.
  12. Onimua

    Onimua Well-Known Member

    I just want to point out that my suggestion mainly would focus on your XenForo installation and any sites you also run and want to have a specific user focus on it without installing XF on that site as well (particularly when you want to do something outside of the forum scope and outside of a particular domain).

    I understand your idea of spreading it out so that a user can jump from XF install to XF install, but I just want to point out my idea wasn't exactly to have XenForo compete against the likes of Facebook Connect [for example]. :p
     
  13. David Thomas

    David Thomas Active Member

    Yes, sorry for splattering your thread with my ideas! :p I do recognize your request is a bit different than mine, but I started thinking about other possibilities, forgot to make my own thread!

    Can we get a mod or admin to separate the thread into two?
     
  14. rthrash

    rthrash New Member

    Just as important as being able to use the XenForo user system for authenticating other applications, it should be possible to have XenForo use an existing authentication method from other applications (external authentication, be it OAuth, OpenID, etc.).
     
  15. Shamil

    Shamil Well-Known Member

    There are so many external authenticators that it's become fragmented, to the point where maintenance is a pain in the ass.
     
  16. Mattie Num Nums

    Mattie Num Nums Active Member

    I totally agree with you!!!
     
  17. rthrash

    rthrash New Member

    There may be a lot of authentication providers, but there are many existing sites and applications with user systems that already exist that would LOVE to have a great forum to bolt on top. Offloading authentication via an API would be a killer feature that developers could use to integrate XenForo into their existing projects.
     
  18. Slavik

    Slavik XenForo Moderator Staff Member

    Definate thumbs up on this from me, the ability to provide API's to my customers from my site would be just mind blowingly futuristic for most of them!
     
    rthrash likes this.
  19. Ville

    Ville Member

    Yes!! Authentication API would be awesome!! I'm looking to integrate Xenforo with a custom site (likely to be built with Symfony and utilizing Wordpress for blog). I understand that XF+WP integration is already somewhat automatic, but in this case the user profile used by the rest of the site needs to be working with XF and WP as well. I had initially considered using Drupal 7 as the platform until I realized there is actually very little it would help with as most of the rest of the components for the site are essentially custom applications – most likely it would be just in the way.

    So I'm left with XF+WP+custom Symfony site. User name / profile and sessions must be valid across all. If someone's already done this or has other thoughts I'd love to hear!
     
  20. Shadab

    Shadab Well-Known Member

Share This Page