Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2020-05-14 02:31:34

robhert
Member
From: Perú
Registered: 2007-04-27
Posts: 204
Website

About Social Login like Google, Facebook, Apple ID or Microsoft 365

Hi, I wonder if there is a easy way to implement that kind of Login. In fact, all I want is People with their MS 365 and Google account login and get access to some aspects (pages, options) of my site. I want people to download educational files.

Any ideas if it is possible? Thanks in advance.

Offline

#2 2020-05-14 09:59:25

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 8,190
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

Hi robhert,

I do not think that there is such a thing for txp. I also believe that having one, will open a Pandora’s box. Why for example, just limit it to MS 365 and Google and not expand it to facebook, myspace, vimeo, apple, etc. As these companies constantly change their APIs there will also be an issue about maintaining such support. Having said that, maybe somebody can think of a way to advice you of alternatives.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | NeMe @ github | Covid-19; a resource
I do my best editing after I click on the submit button.

Offline

#3 2020-05-14 11:42:38

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,650
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

There’s nothing in Textpattern land that does this right now as far as I’m aware.

Most providers probably use some variant of OAuth these days. There are various tutorials on how to do it floating around the internet, but they all revolve around some or more steps in this process:

  • Obtain a secret API key by registering as a developer on each service you want to offer login.
  • Decide which permissions you need people to agree to.
  • Create a login app on said platform and submit it for review (not entirely sure why this is needed; presumably for authentication purposes).
  • Install the SDK for each platform on your website (this would be done in one or more Txp plugins, essentially: perhaps a base plugin to handle tags and installation, and a set of small bolt-on plugins, one for each provider so people could mix and match which login services they want to offer).
  • Add the necessary access and tracking JavaScript to your pages.
  • Add the login widgets to your markup for each service.
  • Potentially store the received login info in dedicated tables in Txp for future authorisation. Didn’t read this in detail, so it may be optional or only for a specific use case.

Facebook provide some guidance on the subject for their specific service. Other providers do the same.

It’s not really something I have time for right now but maybe other developers might be able to help out if there’s value in this.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#4 2020-05-14 13:42:54

robhert
Member
From: Perú
Registered: 2007-04-27
Posts: 204
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

Thank you very much Yiannis and Bloke. Yes, now I understand how complicated it could be. Maybe you could give some hints: How could I share files, some free, some with a password… What I want is to know WHO downloaded my stuff.

Offline

#5 2020-05-14 15:14:56

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 8,190
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

robhert wrote #322980:

Thank you very much Yiannis and Bloke. Yes, now I understand how complicated it could be. Maybe you could give some hints: How could I share files, some free, some with a password… What I want is to know WHO downloaded my stuff.

Regarding free files, I guess that you know. Regarding your second point, you could use com_connect and something like this:

<txp:com_connect to="email@domail.tld" label=""  thanks_form="form_name" subject="your site: downloaded files">
<txp:com_connect_text label="Your name" required="1" class="" />
<txp:com_connect_text label="Your surname" required="1" class="" />
<txp:com_connect_email name="Email" label="Your email" required="1" class="" />
<txp:com_connect_serverinfo name="REMOTE_ADDR" label="IP number" />
<txp:com_connect_serverinfo name="HTTP_USER_AGENT" label="Browser" />
<txp:com_connect_submit label="Retrieve files" />
</txp:com_connect>

The form_name thanks_form could have the links to your “hidden” files and they would only appear after the form is submitted. Note that not everyone will be submitting their real email, but that will be a tell tell sign too.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | NeMe @ github | Covid-19; a resource
I do my best editing after I click on the submit button.

Offline

#6 2020-05-14 15:33:03

robhert
Member
From: Perú
Registered: 2007-04-27
Posts: 204
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

Thank you very much Yiannis. I’ll give it a shot. Have a nice day :)

Offline

#7 2020-05-14 15:43:45

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,650
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

In combination with what Yiannis suggested, you could also see if smd_access_keys might help. That allows you to create unique tokens for downloads or areas of your site you wish to restrict.

I’ve not tried this, but one way you could use it is:

  1. Access protect /files so people can’t get at your content by hand in the URL (see .htaccess-dist).
  2. Create a form (com_connect?) with an input field for an email address/name/whatever.
  3. Beneath that, list all the files you are offering for download. Perhaps checkboxes alongside each to allow multiple files to be downloaded if you wish.
  4. You can use <txp:file_download_list> to generate the above, but instead of the links being to the files directly, they could just transmit content back to the same page, or submit the form, or if you want to capture more than one in a single message, create a checkbox list as I mentioned above.
  5. In the thanks_form, extract the email address and file(s) that the person wants, then call the <smd::access_key trigger="file_download" url="http://example.com/file_download/1/your-filename.docx" max="1" /> tag for each file they want. You could pass in their email address as extra data and it’ll be used as part of the token generation routine (encode it first if you wish). That means each access is unique and tied to that token and person.
  6. Either display the resulting token as a hyperlink right there in the page for them to get access to their file. Or (better, to stop them using fake addresses), put the access token link(s) in the email and send it to the given address. When they open the message, all the links will be there for them to download the files.

In this way, every visitor that wants a file is emailed one or more links to the protected resources. You can see in the plugin table (Extensions->Access keys) which ones have been accessed by their download count increasing.

Haven’t figured out how you’ll know which email address has accessed which record yet. The extra data isn’t recorded in the access keys table. You could siphon the email address off to a separate table or an admin email account if you like when the form is submitted? At least you’ll know who has potentially accessed the files. If you store the t_hex value as well (available in the <txp:smd_access_info /> tag in the <txp:smd_access_key> container/form) against the email address then you could match that to a record when it’s accessed to know who accessed what.

Hope that helps. Let me know if you need any assistance and I’ll see what I can do.

Last edited by Bloke (2020-05-14 15:48:39)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#8 2020-05-14 15:50:12

robhert
Member
From: Perú
Registered: 2007-04-27
Posts: 204
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

Wow Bloke. Now I have a task. I am going to try it later today. I will let you know what happen. Thank you very much.

Offline

#9 2020-05-14 17:12:34

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 8,190
Website

Re: About Social Login like Google, Facebook, Apple ID or Microsoft 365

Bloke wrote #322983:

In combination with what Yiannis suggested, you could also see if smd_access_keys might help. That allows you to create unique tokens for downloads or areas of your site you wish to restrict.

How did I forget about this? You can check the docs in Stef’s site.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | NeMe @ github | Covid-19; a resource
I do my best editing after I click on the submit button.

Offline

Board footer

Powered by FluxBB