• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

[Suggestion] XenForo Connect

Onimua

Well-known member
#1
Sort of sprung up from when I was going to reply to this thread, but I decided to make it a new thread since this would be different from the approach brought up there.

Similar to Facebook Connect, it would allow administrators to build sites on other domains and by including a file/provide a login and password, you can plug into an XF installation and pull information as needed via API calls.

For example, I can have DomainA be my XenForo installation and DomainB would another site that does not have an XF installation on it. If I want to build a customized experience, I could simply include a file from DomainA and include it on DomainB.

Once that's done, the user could simply log into the site on DomainB and all their information (username, avatar, email, usergroup permissions) get passed to it. If I want to get any other information, I can use a simple call to get posts or threads by them, but mainly I can then know who a user is on DomainB and handle it how I want.
 
#2
oAuth implementation is nice.

I agree but i doubt this will get implemented.

On the other hand, xenForo does use the zend framework somewhat, if they still have it in there when it gets released then an API could be easily created with Zend oAuth's classes.
 
F

Floris

Guest
#3
I believe I read about openid being considered, you can just make openid.yoursite.com and use that one. This should perhaps resolve it for other sites you own if you point them to the same openid provider (that you run)?
 
#4
As a developer, this would be quite the Godsend. I'm currently working on a network now, and integrating x-amount of unique software is a huge pain. Something like a global.php in MyBB, except solely for sending user information, so you don't run into issues with clashing variable names or other "fun" integration roadblocks.

But taking this further, we could, as suggested in the thread, implement oAuth (even as a third-party mod). Then, essentially, we could network XenForo forums by allowing our users to use oAuth to authenticate to other forums, as Twitter allows you to do. So a user from my site could visit and post at your site without actually needing to make a new account. We could potentially take down social networks with such a feature, mwuahahahah!!!!

Of course, such a solution would require we make it secure, since user information would be going between sites.
 
#6
Except OpenID would require the user putting in some URL to login that they'd either need to memorize or copy/pasta into the OpenID field. oAuth works exactly like Twitter authentication does right now, where it says "Do You Want To Connect 'Allow' or 'Deny'". If the user isn't logged in, they just login using their "base" forum details, since the popup would technically be hosted on your own server.
 

CallieJo

Active member
#7
Except OpenID would require the user putting in some URL to login that they'd either need to memorize or copy/pasta into the OpenID field. oAuth works exactly like Twitter authentication does right now, where it says "Do You Want To Connect 'Allow' or 'Deny'". If the user isn't logged in, they just login using their "base" forum details, since the popup would technically be hosted on your own server.
I like the sounds of oAuth! Thanks for explaining.
 

Jason

Well-known member
#8
People tend to confuse the two.

OpenID is used for authentication (i.e., proving who you are; single sign-on). All it's intended to do is allow an OpenID provider to prove you are who you say. OAuth, on the other hand, is about authorization -- meaning you are authorizing a third party access to data/functionality, without them having to deal with the original authentication (e.g., they don't need the user's username/password). The user can later revoke such authorization, as well.

The two can be used together, and indeed, a lot of sites use identity authentication to provide authorization; however, the two can be separated out.
 
#9
Thank you for clearing that up, Jason! It is a bit confusing, to say the least.

I guess my point was, for the kind of system I was describing, oAuth would be a better fit in general.
 

Jason

Well-known member
#10
Thank you for clearing that up, Jason! It is a bit confusing, to say the least.

I guess my point was, for the kind of system I was describing, oAuth would be a better fit in general.
That it is, and most people are probably not even aware they most likely already have an OpenID.

I too would say OAuth is a better fit for what you're wanting to do, especially since you would not necessarily be in control of the data on these external forums.

The great thing is, whether XenForo (by default) allows you to provide and consume oauth/openid, it's relatively easy to add yourself.
 
#11
Yeah I was looking into oAuth the other day, and it's really not that difficult.

My thinking is, though, even if it's in 2.0 or 3.0, having it by default would potentially mean more sites to connect with, since some admins may not know a mod exists or don't want to install a mod for fear that it becomes unmaintained.
 

Onimua

Well-known member
#12
But taking this further, we could, as suggested in the thread, implement oAuth (even as a third-party mod). Then, essentially, we could network XenForo forums by allowing our users to use oAuth to authenticate to other forums, as Twitter allows you to do. So a user from my site could visit and post at your site without actually needing to make a new account. We could potentially take down social networks with such a feature, mwuahahahah!!!!.
I just want to point out that my suggestion mainly would focus on your XenForo installation and any sites you also run and want to have a specific user focus on it without installing XF on that site as well (particularly when you want to do something outside of the forum scope and outside of a particular domain).

I understand your idea of spreading it out so that a user can jump from XF install to XF install, but I just want to point out my idea wasn't exactly to have XenForo compete against the likes of Facebook Connect [for example]. :p
 
#13
Yes, sorry for splattering your thread with my ideas! :p I do recognize your request is a bit different than mine, but I started thinking about other possibilities, forgot to make my own thread!

Can we get a mod or admin to separate the thread into two?
 
#14
Just as important as being able to use the XenForo user system for authenticating other applications, it should be possible to have XenForo use an existing authentication method from other applications (external authentication, be it OAuth, OpenID, etc.).
 
#17
There may be a lot of authentication providers, but there are many existing sites and applications with user systems that already exist that would LOVE to have a great forum to bolt on top. Offloading authentication via an API would be a killer feature that developers could use to integrate XenForo into their existing projects.
 

Slavik

XenForo moderator
Staff member
#18
Definate thumbs up on this from me, the ability to provide API's to my customers from my site would be just mind blowingly futuristic for most of them!
 
#19
Yes!! Authentication API would be awesome!! I'm looking to integrate Xenforo with a custom site (likely to be built with Symfony and utilizing Wordpress for blog). I understand that XF+WP integration is already somewhat automatic, but in this case the user profile used by the rest of the site needs to be working with XF and WP as well. I had initially considered using Drupal 7 as the platform until I realized there is actually very little it would help with as most of the rest of the components for the site are essentially custom applications – most likely it would be just in the way.

So I'm left with XF+WP+custom Symfony site. User name / profile and sessions must be valid across all. If someone's already done this or has other thoughts I'd love to hear!