nodge/yii-eauth: the EAuth extension authenticates users through OpenID, OAuth 1.0 and OAuth 2.0 providers.

Yii EAuth extension

The EAuth extension lets users authenticate with accounts they hold on other websites. Supported protocols: OpenID, OAuth 1.0 and OAuth 2.0.

EAuth is an extension that provides a unified method of authenticating the user, independent of the selected service. The extension itself does not perform the login, does not register the user and does not bind user accounts from different providers.

Why your own extension and not a third-party service?

The implementation of the authorization on your own server has several advantages:

  • Full control over the process: what will be written in the authorization window, what data we get, etc.
  • Ability to change the appearance of the widget.
  • When logging in via OAuth, it is possible to invoke methods of the provider's API.
  • Fewer dependencies on third-party services make the application more reliable.

The extension allows you to:

  • Ignore the nuances of authorization across different types of services by using class-based adapters for each service.
  • Get a unique user ID that can be used to register the user in your application.
  • Extend the standard authorization classes to obtain additional data about the user.
  • Work with the API of social networks by extending the authorization classes.
  • Set up a list of supported services, customize the appearance of the widget, use the popup window without closing your application.

Extension includes:

  • The component that contains utility functions.
  • A widget that displays the list of services as icons and allows authorization in a popup window.
  • Base classes to create your own services.
  • Ready-made classes for authenticating via Google, Twitter, Facebook and other providers.

Included services:

  • OpenID:
    • Yahoo
    • Steam
    • Wargaming
  • OAuth1:
    • Twitter
    • LinkedIn
  • OAuth2:
    • Google
    • Facebook
    • Live
    • GitHub
    • Yandex (ru)
    • VKontakte (ru)
    • Mail.ru (ru)
    • Odnoklassniki (ru)
    • Moi Krug (ru)
    • Dropbox
    • EVE Online

Resources

Requirements

Installation

  • Install loid and EOAuth extensions
  • Extract the release file under protected/extensions
  • In your protected/config/main.php, add the following:
<?php
// ...
    'import'=>array(
        'ext.eoauth.*',
        'ext.eoauth.lib.*',
        'ext.lightopenid.*',
        'ext.eauth.*',
        'ext.eauth.services.*',
    ),
    // ...
    'components'=>array(
        'loid' => array(
            'class' => 'ext.lightopenid.loid',
        ),
        'eauth' => array(
            'class' => 'ext.eauth.EAuth',
            'popup' => true, // Use the popup window instead of redirecting.
            'cache' => false, // Cache component name or false to disable cache. Defaults to 'cache'.
            'cacheExpire' => 0, // Cache lifetime. Defaults to 0 - means unlimited.
            'services' => array( // You can change the providers and their classes.
                'steam' => array(
                    'class' => 'SteamOpenIDService',
                    //'realm' => '*.example.org',
                ),
                'yahoo' => array(
                    'class' => 'YahooOpenIDService',
                    //'realm' => '*.example.org',
                ),
                'wargaming' => array(
                    'class' => 'WargamingOpenIDService'
                ),
                'twitter' => array(
                    // register your app here: https://dev.twitter.com/apps/new
                    'class' => 'TwitterOAuthService',
                    'key' => '...',
                    'secret' => '...',
                ),
                'google_oauth' => array(
                    // register your app here: https://code.google.com/apis/console/
                    'class' => 'GoogleOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                    'title' => 'Google (OAuth)',
                ),
                'yandex_oauth' => array(
                    // register your app here: https://oauth.yandex.ru/client/my
                    'class' => 'YandexOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                    'title' => 'Yandex (OAuth)',
                ),
                'facebook' => array(
                    // register your app here: https://developers.facebook.com/apps/
                    'class' => 'FacebookOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'linkedin' => array(
                    // register your app here: https://www.linkedin.com/secure/developer
                    'class' => 'LinkedinOAuthService',
                    'key' => '...',
                    'secret' => '...',
                ),
                'github' => array(
                    // register your app here: https://github.com/settings/applications
                    'class' => 'GitHubOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'live' => array(
                    // register your app here: https://manage.dev.live.com/Applications/Index
                    'class' => 'LiveOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'vkontakte' => array(
                    // register your app here: https://vk.com/editapp?act=create&site=1
                    'class' => 'VKontakteOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'mailru' => array(
                    // register your app here: http://api.mail.ru/sites/my/add
                    'class' => 'MailruOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'moikrug' => array(
                    // register your app here: https://oauth.yandex.ru/client/my
                    'class' => 'MoikrugOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'odnoklassniki' => array(
                    // register your app here: http://dev.odnoklassniki.ru/wiki/pages/viewpage.action?pageId=13992188
                    // ... or here: http://www.odnoklassniki.ru/dk?st.cmd=appsInfoMyDevList&st._aid=Apps_Info_MyDev
                    'class' => 'OdnoklassnikiOAuthService',
                    'client_id' => '...',
                    'client_public' => '...',
                    'client_secret' => '...',
                    'title' => 'Odnokl.',
                ),
                'dropbox' => array(
                    // register your app here: https://www.dropbox.com/developers/apps/create
                    'class' => 'DropboxOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'eve' => array(
                    // register your app here: https://developers.eveonline.com/applications
                    'class' => 'EveOnlineOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                ),
                'slack' => array(
                    // register your app here: https://api.slack.com/applications/new
                    'class' => 'SlackOAuthService',
                    'client_id' => '...',
                    'client_secret' => '...',
                    'title' => 'Slack',
                ),

            ),
        ),
        // ...
    ),
// ...

Usage

Demo project

The source code of the demo is available here.

Basic setup

The action

<?php
// ...
    public function actionLogin() {
        $serviceName = Yii::app()->request->getQuery('service');
        if (isset($serviceName)) {
            /** @var $eauth EAuthServiceBase */
            $eauth = Yii::app()->eauth->getIdentity($serviceName);
            $eauth->redirectUrl = Yii::app()->user->returnUrl;
            $eauth->cancelUrl = $this->createAbsoluteUrl('site/login');

            try {
                if ($eauth->authenticate()) {
                    //var_dump($eauth->getIsAuthenticated(), $eauth->getAttributes());
                    $identity = new EAuthUserIdentity($eauth);

                    // successful authentication
                    if ($identity->authenticate()) {
                        Yii::app()->user->login($identity);
                        //var_dump($identity->id, $identity->name, Yii::app()->user->id);exit;

                        // special redirect with closing popup window
                        $eauth->redirect();
                    }
                    else {
                        // close popup window and redirect to cancelUrl
                        $eauth->cancel();
                    }
                }

                // Something went wrong, redirect to login page
                $this->redirect(array('site/login'));
            }
            catch (EAuthException $e) {
                // save authentication error to session
                Yii::app()->user->setFlash('error', 'EAuthException: '.$e->getMessage());

                // close popup window and redirect to cancelUrl
                $eauth->redirect($eauth->getCancelUrl());
            }
        }

        // default authorization code through login/password ..
    }

The view

<?php
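    if (Yii::app()->user->hasFlash('error')) {
        // The flash text contains the exception message, which may carry
        // provider-supplied data; HTML-encode it before output.
        echo '<div class="error">'.CHtml::encode(Yii::app()->user->getFlash('error')).'</div>';
    }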
?>
...
<h2>Do you already have an account on one of these sites? Click the logo to log in with it here:</h2>
<?php
    $this->widget('ext.eauth.EAuthWidget', array('action' => 'site/login'));
?>

Getting more user data (optional)

To receive all the data your application needs, you can override the base class of any provider. Base classes are stored in protected/extensions/eauth/services/. Examples of extended classes can be found in protected/extensions/eauth/custom_services/.

After overriding the base class, modify your configuration file to set the new class name. You may also need to override the EAuthUserIdentity class to store additional data.
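
One way to do the EAuthUserIdentity override mentioned above, as an added example that is not part of the extension: a subclass that keys the account on service name plus provider ID and copies only whitelisted attributes into the session. The class name `AppEAuthUserIdentity`, the `service:id` key format, the `eauth_` state prefix and the attribute whitelist are assumptions; `getServiceName()` comes from the extension's service interface.

```php
<?php
// Added example, not part of the extension. Class name, whitelist,
// the "service:id" key format and the "eauth_" prefix are assumptions.
class AppEAuthUserIdentity extends EAuthUserIdentity
{
    /** @var EAuthServiceBase authenticated service passed in by the action */
    private $_svc;
    private $_key;
    private $_label;

    // Only these provider attributes are copied into the user session.
    private static $_allowed = array('name', 'url', 'email');

    public function __construct($service)
    {
        parent::__construct($service);
        $this->_svc = $service;
    }

    public function authenticate()
    {
        if (!$this->_svc->getIsAuthenticated()) {
            $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
            return false;
        }
        // A provider ID is unique only inside that provider, so the local
        // key includes the service name to keep accounts from colliding.
        $this->_key = $this->_svc->getServiceName() . ':' . $this->_svc->getId();

        $attrs = array_intersect_key(
            (array)$this->_svc->getAttributes(),
            array_flip(self::$_allowed)
        );
        foreach ($attrs as $name => $value) {
            if (is_scalar($value)) { // skip nested structures
                $this->setState('eauth_' . $name, (string)$value);
            }
        }
        $this->_label = (isset($attrs['name']) && is_scalar($attrs['name']))
            ? (string)$attrs['name'] : $this->_key;
        $this->errorCode = self::ERROR_NONE;
        return true;
    }

    public function getId() { return $this->_key; }
    public function getName() { return $this->_label; }
}
```

To use it, construct `AppEAuthUserIdentity` instead of `EAuthUserIdentity` in `actionLogin()`. Values read back from the session still need `CHtml::encode()` when rendered.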

Translations (optional)

  • Copy the file /protected/extensions/eauth/messages/[lang]/eauth.php to /protected/messages/[lang]/eauth.php to translate the EAuth extension into other languages.
  • To add a new language, you can use the blank file /protected/extensions/eauth/messages/blank/eauth.php.

License

Some time ago I developed this extension for LiStick.ru and I still support the extension.

The extension was released under the New BSD License, so you'll find the latest version on GitHub.

Changelog

Yii EAuth Change Log

10.04.2017 (v1.2.0)

  • Fix parsing access token in Facebook OAuth service (#109 #110 #111)
  • Use the latest Graph Api v2.8 for Facebook
  • Remove old unavailable OpenID servers (Google and Yandex)

03.01.2016 (v1.1.0)

  • Use the latest Graph Api v2.5 for Facebook (#107)

23.01.2015 (v1.0.0)

  • Added Slack OAuth service

19.11.2014

  • Added EVE Online OAuth service
  • Added Wargaming OpenID service

11.03.2014

  • Removed CURLOPT_SSL_VERIFYPEER=0 (#82)

13.01.2014

  • Added Dropbox OAuth service

20.12.2013

  • Added Yahoo Open ID service

15.12.2013

  • Added Steam Open ID service

08.12.2013

  • Try to automatically restore OAuth tokens from session (#76)
  • Added ability to change redirectUrl and cancelUrl through config (#77)
  • Change error arguments for Facebook (#78)

08.08.2013

  • Added proper error handling.
  • Added Ukrainian translation.

08.07.2013

  • Added default scope to Linkedin provider.

15.06.2013

  • Update Twitter API to 1.1 (fixed #61)
  • Add User-Agent header in GitHubOAuthService.php (fixed #60)
  • Reformat source code
  • Added ability to change OpenID realm
  • Added OpenID optional attributes

Changes before 15.06.2013

  • Added Microsoft Live OAuth provider.
  • Added Yandex OAuth provider.
  • Added CustomFacebookService example class.
  • Added 'cache' and 'cacheExpire' options to control cache.
  • Added list of services to display in the EAuthWidget.
  • Changed VK.com API urls.

Version 1.1.8 (10.06.2012)

  • Added optional headers in EOAuthServiceBase::initRequest().
  • Added LinkedIn OAuth provider.
  • Added GitHub OAuth provider.
  • Fixed sending signed requests with the query parameters in the EOAuthService.

Version 1.1.7 (30.03.2012)

  • Fixed issue #11. Twitter must authorize user every time they login.
  • Fixed issue #10. VKontakte must authorize user every time they login with empty oauth scope.
  • Fixed translations.
  • Fixed bug in the EOAuthService::initRequest(), incorrect variable use in http header.
  • Fixed error with CURL HTTP chunked transfer encoding.

Version 1.1.6 (01.02.2012)

  • Added EAuthUserIdentity class.
  • Added translations support.
  • Fixed EAuthServiceBase::hasAttribute() and EAuthServiceBase::getId() methods.

Version 1.1.5 (03.01.2012)

  • Added MoiKrug OAuth provider.
  • Added Odnoklassniki OAuth provider.
  • Added the ability to log unsuccessful requests in EAuthServiceBase::makeRequest().
  • Added access_token lifetime handling, #1 closed. Please, check your custom OAuth 2.0 classes!
  • Added links to provider files to register your applications.
  • Changed url for the Yandex OpenID.
  • Fixed infinite loop when calling getAttributes from fetchAttributes inside a provider class.
  • Removed $_GET['js'] from the redirect_uri for the OAuth 2.0 providers, which could cause problems with a callback URL for some providers.
  • Small fixes in the css of the widget.

Version 1.1.4 (13.11.2011)

  • Added handling for denied callback in the TwitterOAuthService.
  • Fixed a redirect page for disabled javascript.
  • EAuthWidget has been rewritten for use with CController->widget() instead of EAuth->renderWidget().
  • Added automatic detection of the current action in the widget.
  • Fixed popup window size for the new Google design.

Version 1.1.3 (14.10.2011)

  • MailruOAuthService::makeSignedRequest() now fully compatible with the basic method.
  • Fixed error when MailruOAuthService::getAccessToken() returns an empty token.
  • Fixed: service IDs in the configuration are no longer associated with the names of services.
  • Fixed MailruOAuthService::getTokenUrl() method to be fully compatible with the basic method.
  • Added Google OAuth 2.0 provider, updated css file of the widget.

Version 1.1.2 (08.10.2011)

  • Fixed fetchJsonError() method in OAuth providers.
  • Fixed examples of custom classes for OAuth 2.0 providers.
  • Updated EAuth::redirect() method to support the closing popup window without $_GET['js'] variable.

Version 1.1 (07.10.2011)

  • Fixed a wrong call urldecode instead of urldecode in the FacebookOAuthService.php.
  • Fixed exception rethrowing: removed unnecessary $e->getPrevious() call.
  • Fixed: the call $service->getItemAttributes() returns an empty array.
  • Removed checking $_GET['error_reason'] in EOAuth2Service.php.
  • EAuthServiceBase is an abstract class now.
  • Updated curl requests api.
  • Updated OAuth Service Providers.
  • Method getItemAttributes() renamed to getAttributes().
  • Added methods to work with an authorization session (Methods: getStateKeyPrefix, setState, hasState, getState).
  • Added Mail.ru OAuth provider, updated css file of the widget.
  • Added getters support for service attributes.

Version 1.0 (02.10.2011)

  • Initial release.

1.2.0 is the latest of 3 releases



BSD 2-Clause License