EXT: Easy Login¶

Table of Contents¶

`EXT: Easy Login 1 <#__RefHeading__5708_1738894311>`_

`Introduction 3 <#__RefHeading__5710_1738894311>`_

What does it do? 3

Screenshots 3

`Users manual 4 <#__RefHeading__467_413120346>`_

FAQ 4

`Installation 5 <#__RefHeading__31511_818911409>`_

`Configuration 7 <#__RefHeading__31515_818911409>`_

CONTENTELEMENT Example 9

OPENID Example 9

FACEBOOK Example 9

OAUTH1 Example 10

`Known problems 11 <#__RefHeading__31525_818911409>`_

`To-Do list 12 <#__RefHeading__477_413120346>`_

`ChangeLog 13 <#__RefHeading__31623_818911409>`_

Upgrade 13

References 13

Introduction¶

plugin.tx_dixeasylogin_pi1.template_path = typo3conf\ext\dix_easylogin\templates

plugin.tx_dixeasylogin_pi1.provider {
    100 = OPENID
    100.name = MyOwnOpenIdService
    100.url = https://www.myserver.xyz/
    100.icon = fileadmin/icons/myicon.gif
    100.showWhenLoggedIn = {$plugin.tx_dixeasylogin_pi1.allowUpdate}
}

plugin.tx_dixeasylogin_pi1.provider.30.url = http://myopenid.com/

Installation¶

Be sure you have cURL installed.

Create a facebook app (https://developers.facebook.com/apps) with your domain and write down the App ID and the App Secret

Create a twitter app (https://dev.twitter.com/apps/new) with your domain and write down the Consumer ID and the Consumer Secret

Create a Linkedin app (https://www.linkedin.com/secure/developer) with your domain and write down the API Key and the Secret Key. You will need to enter the verification URL (see FAQ).

Google changed from OpenID to OAuth2, so you should register a Google app as well ( https://console.developers.google.com/ → APIS & AUTH) and write down the Client ID and the Client Secret. You will need to enter the verification URL (see FAQ). Note that due to compatibility you have to enable “google_oauth2” and disable “google” in TS constants.

Install extension

Insert a content element "login" on any page, it can be on a page not visible to the user (e.g. "hide in menu").Write down uid of that record.That login should work (that means a user storage page with a user record and usergroup record has been created and the page id of the user storage is configured. If you are not sure what that means, read this: http://wiki.typo3.org/Felogin )

Insert a content element "plugin" - "easylogin" on the login page

Include the static TypoScript (Include static (from extensions): Easylogin), insert these constants into your TS template and fit them to your needs:

plugin.tx_dixeasylogin_pi1 {
                # if jQuery, jQueryUI and the lightness theme should be included by default.
                # if turned off, you have to take care for yourself that the libraries
                # are loaded (smart if other extensions also include jQuery)
        include_jQuery = 1

                # if the user should be created when not already found in the database
        allowCreate = 1

                # if a mail should be sent to the admin if the user is created
        mailAdminOnCreate = 0
        mailAdminFrom = user@domain.com
        mailAdminTo = user@domain.com

                # create user only if email address matches this domain(s)
          # e.g. "example.com, *.mycompany.org"
        trustedDomains = *

                # if the user should be able to connect his login with a login provider
                # when already authenticated
        allowUpdate = 1

                # where the fe_users records should be stored when created
        user_pid = 6

                # when a user is created, he will get this usergroup(s)
        usergroup = 1

                # page where the "easylogin" plugin is located
                # used for the xrds definition
        pid_loginPage = 21

                # uid of the common login
        uid_felogin = 10

                # register a facebook app to get these two values
        facebook_appID = YOUR-APP-ID
        facebook_appSecret = YOUR-APP-SECRET

                # register a twitter app to get these two values
        twitter_consumerKey = YOUR-CONSUMER-KEY
        twitter_consumerSecret = YOUR-CONSUMER-SECRET

                # register a xing app to get these two values
        xing_consumerKey = YOUR-CONSUMER-KEY
        xing_consumerSecret = YOUR-CONSUMER-SECRET

                # register a linkedin app to get these two values
        linkedin_consumerKey = YOUR-CONSUMER-KEY
        linkedin_consumerSecret = YOUR-CONSUMER-SECRET

                # register a google app to get these two values
        google_clientID = YOUR-CONSUMER-KEY
        google_clientSecret = YOUR-CONSUMER-SECRET

                # enable or disable login methods
        disable.felogin = 0
        disable.google = 1
        disable.yahoo = 0
        disable.myopenid = 0
        disable.wordpress = 0
        disable.facebook = 0
        disable.facebook_oauth2 = 1
        disable.twitter = 0
        disable.xing = 0
        disable.linkedin = 0
        disable.google_oauth2 = 0


}

Configuration¶

TypoScript Constants

disable.felogin = 0
disable.google = 0
disable.yahoo = 0
disable.myopenid = 0
disable.wordpress = 0
disable.facebook = 0
disable.twitter = 0
disable.xing = 0
disable.linkedin = 0

plugin.tx_dixeasylogin_pi1.provider {
     5 = CONTENTELEMENT
     5.name = User/Pass
     5.uid = 212
     5.showWhenLoggedIn = 1
}

plugin.tx_dixeasylogin_pi1.provider {
     30 = OPENID
     30.name = myOpenID
     30.url = http://###NAME###.myopenid.com/
     30.icon = EXT:dix_easylogin/res/icons/myopenid.ico
     30.showWhenLoggedIn = {$plugin.tx_dixeasylogin_pi1.allowUpdate}
}

plugin.tx_dixeasylogin_pi1.provider {
     50 = FACEBOOK
     50.name = facebook
     50.icon = EXT:dix_easylogin/res/icons/facebook.jpg
     50.appId = {$plugin.tx_dixeasylogin_pi1.facebook_appID}
     50.appSecret = {$plugin.tx_dixeasylogin_pi1.facebook_appSecret}
     50.showWhenLoggedIn = {$plugin.tx_dixeasylogin_pi1.allowUpdate}
}

plugin.tx_dixeasylogin_pi1.provider {
     # OAuth Version 1.1 as used by Twitter
     60 = OAUTH1
     60.name = Twitter
     60.icon = EXT:dix_easylogin/res/icons/twitter.gif
     60.sigMethod = HMAC_SHA1
     60.consumerKey = {$plugin.tx_dixeasylogin_pi1.twitter_consumerKey}
     60.consumerSecret = {$plugin.tx_dixeasylogin_pi1.twitter_consumerSecret}
     60.requestTokenUrl = https://api.twitter.com/oauth/request_token
     60.authorizeUrl = https://api.twitter.com/oauth/authorize
     60.accessTokenUrl = https://api.twitter.com/oauth/access_token
     # you can use markers in the requestProfileUrl, the corresponding values from the accessToken-response will be substituted
     60.requestProfileUrl = https://api.twitter.com/1/users/lookup.json?user_id=###user_id###
     60.showWhenLoggedIn = {$plugin.tx_dixeasylogin_pi1.allowUpdate}
     60.profileMap {
             # format:
             # key = response parameter
             # possible keys: fullname, firstname, lastname, suffix, prefix, postcode, country, nickname, email
             nickname = screen_name
             fullname = name
             id = id
     }
}

Known problems¶

• Does not work without cURL
• Without realurl or cooluri properly configured, the facebook login will not work. The reason is that the dynamically constructed URL that contains plugin-vars must not have a question mark '?' in it. Have a look at the extension configuration (Extension Manager). Example configuration for realurl:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['realurl']['_DEFAULT']['postVarSets']['_DEFAULT']['easylogin'] = array(
        '0' => array (
                'GETvar' => 'tx_dixeasylogin_pi1[action]',
        ),
);

• Thus the preserveGETvars = all configuration will not work with easylogin. Restore the configuration on the login page to the default, or see forge 45222 for further details.
• If you have - directly under your root - a page with the name easylogin and try to install easylogin on any other than that specific page you get an error that the piVars are unknown. This is due to the realurl configuration mentioned above. Solution: rename the page (or at least the nav title or the realurl title).
• Fixed: Logout doesn't work directly after a “connect” action (forge 65724)
• If you find some problems, please report them to markus.kappe@dix.at
• When someone logs in by two different means, there will be created two different user accounts (fe_users records). To avoid that, use the “connect” option (TS constant: allowUpdate = 1). The user has to connect to his second account (e.g. facebook) while he is already logged in with his first account (e.g. authenticated by Google).

To-Do list¶

• Better error handling, including check if username is filled in.
• DONE with version 0.4.0: Feature: include OAuth2
• DONE with version 0.3.0: Check for duplicate usernames
• Better manual (maybe someone will help on that? → markus.kappe@dix.at :)
• Testing
• Translations
• DONE : Enable authentication with more than one authentication provider.
• DONE with version 0.2.5: Better connection of foreign-identified user with fe_user record. E.g. someone logs in with username/password and then connects to facebook and/or twitter. So these identifiers will get connected to the current user.Thanx to jan- hendrik.schreier[at]bits-iserlohn.de for some code on that feature
• Feature “reviewed create”: Someone identifies via foreign provider, identifier is not in the database. The admin gets an email and if he clicks a confirmation link, the user gets confirmed (usergroup set or disabled=0).
• DONE with version 0.2.4: Feature: redirect after login (just like felogin, probably get the redirect from felogin to work even when logging in with 3 ^rd party authentication providers)

ChangeLog¶

See CHANGELOG.txt