Welcome to Geeklog, Anonymous Tuesday, November 12 2024 @ 08:25 am EST

Geeklog Forums

oAuth remote login does not show


Status: offline

remy

Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
When I first installed GL 2.0.0, these buttons for remote login were available, but I disabled them. Now, having registered with LinkedIn for remote authentication, I cannot enable them any more. They just don't show any more.

I see the following oddities:

-- In the config screens, I was used to seeing a error when I enable f.i. Twitter without filling in the secret keys. This is gone too: whatever I modify, it's okay.

-- geeklog.net allows for remote auth, but only in the user-function-block. If you are forced to login, the remote options are sometimes not complete (just facebook and twitter).

-- I read a comment that you should insert the secret keys in the oAuth classes too. And I 've read a comment saying that this is not necessary any more. The install docs does not mention anything about that. I'm confused.

Anybody having the same experiences? Or a hint where to look for what?
 Quote

Status: offline

remy

Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
Found the cause, but had to analyse security.lib first.

It turns out that, when new_user_registration is disabled OR new_users go into the submission queue for moderation, the remote oauth services are not enabled.
Having these configs fixed and in a correct balance with security, it turns out that a user account is activated. This lacks a email-address and there is no service name (@linkedin in my case). Not sure if GL will use email services of linkedin for sending notifications.

The documentation only mentions that a temporary account with a adjusted username is created. Both statements are false: the account is infinite and the full name is used as the username. This must clash very soon.
The documentation mentions that such user is added to the group remote-users only. Also not true. I find the user in the groups All-users AND in Logged-in users (even when the user logged out!!).

Though the user cannot change the password, I wonder if that can abused.
Can anybody shine a light on above troubles? Should I file bugs, feature-request?
 Quote

antiqueone

Anonymous
I have exactly the same problem as Remy. I am using Geeklog 2.0.0.
Is there any fix for this?
 Quote

All times are EST. The time is now 08:25 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content