Welcome to Geeklog, Anonymous Saturday, April 27 2024 @ 03:43 am EDT
Geeklog Forums
oauth facebook and ssl
Status: offline
casper
Forum User
Full Member
Registered: 02/11/04
Posts: 142
Location:Skien, Norway
About to enable this on a site not on my own server, and not sure what the requirements is.
OpenSSL is enabled, but do I need a sertificate?
I can get a sertificate on the address:
"https://www-mysite-com.secure.hostingcompany.com/"
Is that all I need?
What is necessary to setup this correct?
Did this once before, but cannot remember...
Can see that App ID and secret can be specified in facebook.auth.class.php, but there is also fields for this in the config-section.
Is this required in both places?
OpenSSL is enabled, but do I need a sertificate?
I can get a sertificate on the address:
"https://www-mysite-com.secure.hostingcompany.com/"
Is that all I need?
What is necessary to setup this correct?
Did this once before, but cannot remember...
Can see that App ID and secret can be specified in facebook.auth.class.php, but there is also fields for this in the config-section.
Is this required in both places?
4
2
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
No certificate is needed just the extension (OpenSSL) that knows how to deal with encryption.
No files need to be modified. Just enable Oauth in the Configuration and specify the app id and secret you receive from Facebook:
http://wiki.geeklog.net/index.php/OAuth
Tom
One of the Geeklog Core Developers.
No files need to be modified. Just enable Oauth in the Configuration and specify the app id and secret you receive from Facebook:
http://wiki.geeklog.net/index.php/OAuth
Tom
One of the Geeklog Core Developers.
1
4
Quote
Status: offline
casper
Forum User
Full Member
Registered: 02/11/04
Posts: 142
Location:Skien, Norway
Thanks Tom, worked like a charm this time. Probably did some stupidity on the last site, but got it working then too 
But... Profile picture is not collected. Is that a limitation, or an error on my side?
But... Profile picture is not collected. Is that a limitation, or an error on my side?
3
2
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
For the profile picture Facebook for some reason now sends a url that redirects to a different url that has the picture for the profile. Geeklog 2.0.0 oauth code cannot handle the redirection, Geeklog 2.1.0 code that is being released hopefully fairly soon can.
One of the Geeklog Core Developers.
One of the Geeklog Core Developers.
2
1
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Do regular users get logged out?
There was an issue in Geeklog 1.8.0 where Oauth and Open ID users would get logged out after 2 mins of inactivity. It had to do with the password cookie. (the quote below is from the dev mailing list way back in April of 2011. This should be an issue in Geeklog 1.8.1 though.
To update sites with this fix, OAuth and OpenID user accounts will need passwords now. Once someone else confirms this fix works for both I will update the upgrade script in Geeklog to add passwords to all of these accounts.
Tom
-----Original Message-----
To: 'Geeklog Development'
Subject: Re: [geeklog-devel] OAuth and sessions (was: Geeklog 1.8.0)
Okay, I found the problem with the OAuth account being logged out after 2 minutes of inactivity. This affects our OpenID implementation as well I believe (I haven't tested it yet, I need to get an OpenID 1.0 account).
The problem lies with the password cookie. We do not create and store passwords for OAuth accounts because there was no need due to the authentication happening with the OAuth provider. The problem is that the session handler was not updated to take this into account.
I have an update to fix the issue. Basically when an OAuth account is created, a password is now created as well. The only purpose of this password is to validate the session cookie information. I also updated the SESS_getUserDataFromId function and allowed it to returned the hash password as well so that when the user gets logged in the cookie will be set with a valid password.
I have updated the OpenID implementation as well and when an account is created with USER_createAccount I now supply a password to use with the account. As I mentioned before this OpenId fix is not tested but only 2 lines where changed.
One of the Geeklog Core Developers.
There was an issue in Geeklog 1.8.0 where Oauth and Open ID users would get logged out after 2 mins of inactivity. It had to do with the password cookie. (the quote below is from the dev mailing list way back in April of 2011. This should be an issue in Geeklog 1.8.1 though.
To update sites with this fix, OAuth and OpenID user accounts will need passwords now. Once someone else confirms this fix works for both I will update the upgrade script in Geeklog to add passwords to all of these accounts.
Tom
-----Original Message-----
To: 'Geeklog Development'
Subject: Re: [geeklog-devel] OAuth and sessions (was: Geeklog 1.8.0)
Okay, I found the problem with the OAuth account being logged out after 2 minutes of inactivity. This affects our OpenID implementation as well I believe (I haven't tested it yet, I need to get an OpenID 1.0 account).
The problem lies with the password cookie. We do not create and store passwords for OAuth accounts because there was no need due to the authentication happening with the OAuth provider. The problem is that the session handler was not updated to take this into account.
I have an update to fix the issue. Basically when an OAuth account is created, a password is now created as well. The only purpose of this password is to validate the session cookie information. I also updated the SESS_getUserDataFromId function and allowed it to returned the hash password as well so that when the user gets logged in the cookie will be set with a valid password.
I have updated the OpenID implementation as well and when an account is created with USER_createAccount I now supply a password to use with the account. As I mentioned before this OpenId fix is not tested but only 2 lines where changed.
One of the Geeklog Core Developers.
1
2
Quote
Status: offline
casper
Forum User
Full Member
Registered: 02/11/04
Posts: 142
Location:Skien, Norway
Regular users stays logged in.
Have 1.8.2sr1, or at least thats what the tarball say.
Downloaded it once more, and compared some files. Look the same.
But files is marked both 1.7.0 and 1.8.0 in the header, but Im aware that this is not always updated.
Not sure whitch file to check for this problem, or what the lines to be fixed contain?
Have 1.8.2sr1, or at least thats what the tarball say.
Downloaded it once more, and compared some files. Look the same.
But files is marked both 1.7.0 and 1.8.0 in the header, but Im aware that this is not always updated.
Not sure whitch file to check for this problem, or what the lines to be fixed contain?
1
2
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
That should have it...
http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/changeset/5a57074dcd8c
Check the /system/classes/oauthhelper.class.php file for
$passwords = USER_createPassword();
$users['passwd2'] = $passwords['encrypted'];
if it has these 2 lines then the problem is something else.
One of the Geeklog Core Developers.
http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/changeset/5a57074dcd8c
Check the /system/classes/oauthhelper.class.php file for
Text Formatted Code
$passwords = USER_createPassword();
$users['passwd2'] = $passwords['encrypted'];
if it has these 2 lines then the problem is something else.
One of the Geeklog Core Developers.
3
1
Quote
All times are EDT. The time is now 03:43 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content