3
I have an application in ZF1 running and with authentication system that uses database query. I would like to know how I can integrate the 2 ways to log in, IE, if the user opts for facebook, have the same accesses and the same information from the one who chose to log in directly on the site (user/password).
Remembering that I’m not just looking for code ready, my doubt is more conceptual same.
2
The solution I use and recommend is to link your Facebook profile to your website by email address.
You need to integrate the authorization process with Facebook Oauth using the scope of the requested API that includes the 'email' value'.
This will allow you to call the Facebook API at this address below to ask for the user’s email.
https://graph.facebook.com/me
Then in your application you check if you already have any users with the email returned. If it does not exist, you create a new registration with the user data obtained from Facebook.
If it already exists, you simply start a logged in user session for the user of your website who has the email returned by Facebook.
I use this scheme on my websites since a couple of years ago and users loved it because I never ask for username and password. Users hate having to register a new password and do the usual email verification process. So with Oauth the two things are avoided.
Even so I allow the usual registration of user, password and email for those who do not have Facebook account or do not want to log in through Facebook.
In fact, I not only allow logging in through Facebook, but also through Google, Yahoo, Microsoft, Stackoverflow and Github. Most of these sites use the Oauth scheme. Some only provide email by Openid.
So I developed a generic class of PHP to Oauth which has built-in support for dozens of Apis, and can support many more with manual configuration.
It is not a specific class for Zend Framework, but can be used with any framework including Zend. Here’s an example of how log in to Facebook by Oauth using this class.
0
If you have two authentication systems, their purpose is the same: to allow your user access to the system.
Login authentication is the most common, and with a simple form (and the appropriate security validations) already solves your life. However, logging in via Facebook is very practical for the user, and depending on the permissions your application requires, you can have the same information you would have if you chose a conventional login form.
When you allow your application (or website) to access your data through Facebook, it is allowing the application to have your oauth_token and oauth_token_secret. Therefore, it is these values that you will need to store every time you try to authorize a user.
When a user, for example, revokes an application’s access to its profile, it is invalidating oauth_token and oauth_token_secret, so your application will need to ask permission again to access its data. On the other hand, access to the user will be denied, forcing him to provide his data again - or make a traditional registration.
Browser other questions tagged php facebook zend oauth
You are not signed in. Login or sign up in order to post.
As there is already authentication via login (and by the possibility of part of my target audience not wanting to use Facebook for this purpose) it will be necessary that the two forms of login walk together. If I understand correctly, so that the user can log in again (by Facebook), the information for authentication will be oauth_token and oauth_token_secret? Would then be the inclusion of these two columns in my user table?? Another question, in Facebook Ids is that I can recover the id through the getuser() method, and how do I check the tokens?
– fabioAlmeida