I'm working on a Drupal 6 module to provide OAuth-based user authentication and registration. I'm already using the OAuth module to authenticate as described on http://oauth.net/core/1.0a/#anchor9. The next step is to create the user account using information provided after authentication using a custom API of the Service Provider.

According to http://drupal.org/node/497612#comment-3047302, I should not use user_external_login_register() but see the OpenID module for how to properly login an external user.

After studying the OpenID module, here is what I plan to do:

  • Try to load an existing user for an authname built from the custom API result using user_external_load().
  • If a user exists, use user_external_login() to log the user in.
  • If not, pretend the registration form has been submitted (like openid_authentication() does) to create a new user account, and redirect to a pre-filled form if any additional information is needed for the user to register.

Is this the right way to do it? Is there another module worth looking at for how to do this properly, in addition to OpenID?
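A Drupal 6 sketch of the three steps listed above, added here as an example; it is not code from the question, from the OpenID module or from any contributed module. It assumes a hypothetical module named `myoauth`, a `$provider_uid` and `$profile` array that the Service Provider's custom API is assumed to return after the OAuth exchange, and it drives the `user_register` form the way `openid_authentication()` does (retrieve, prepare, validate, then `user_save()`), so that the site's own registration policy is enforced rather than the provider's data being trusted blindly.

```php
<?php
// Added example, not from the question or from Drupal core/contrib.
// Hypothetical module name: myoauth. $provider_uid and $profile are
// assumed to come from the Service Provider's custom API after the
// OAuth dance described in the question has completed.

/**
 * Log in, or register and then log in, the external user behind $provider_uid.
 *
 * @param string $provider_uid
 *   The user's stable identifier at the Service Provider (assumed input).
 * @param array $profile
 *   Profile fields returned by the provider's API, e.g. 'name' and 'mail'.
 */
function myoauth_authenticate($provider_uid, array $profile) {
  // Scope the authname to this module so it can never collide with an
  // OpenID identity or another provider's user id holding the same string.
  $authname = 'myoauth:' . $provider_uid;

  // Step 1: is there already a local account mapped to this authname?
  $account = user_external_load($authname);
  if ($account && $account->uid) {
    // Step 2: finish a normal login for the mapped account (D6 API).
    user_external_login($account);
    return $account;
  }

  if (!variable_get('user_register', 1)) {
    drupal_set_message(t('Account registration is disabled.'), 'error');
    return FALSE;
  }

  // Step 3: pretend the registration form was submitted, as
  // openid_authentication() does, so required fields, unique name and
  // e-mail, and blocked names are checked by the form's own validation.
  $form_state = array();
  $form_state['redirect'] = NULL;
  $form_state['values']['name'] = isset($profile['name']) ? $profile['name'] : '';
  $form_state['values']['mail'] = isset($profile['mail']) ? $profile['mail'] : '';
  $form_state['values']['pass'] = user_password();
  $form_state['values']['status'] = variable_get('user_register', 1) == 1;
  // An 'auth_*' key makes user_save() write the authmap row for us.
  $form_state['values']['auth_myoauth'] = $authname;

  $form = drupal_retrieve_form('user_register', $form_state);
  drupal_prepare_form('user_register', $form, $form_state);
  drupal_validate_form('user_register', $form, $form_state);

  if (form_get_errors()) {
    // Something is missing or clashes: stash what we have and send the
    // user to the registration form to complete it (drupal_goto() exits).
    $_SESSION['myoauth']['values'] = $form_state['values'];
    drupal_goto('user/register');
  }

  $account = user_save('', $form_state['values']);
  if (!$account) {
    drupal_set_message(t('Error saving user account.'), 'error');
    return FALSE;
  }
  unset($_SESSION['myoauth']);
  user_external_login($account);
  return $account;
}

/**
 * Implementation of hook_form_FORM_ID_alter() for user_register.
 *
 * Pre-fills the form from the stashed provider data and carries the
 * authname through, so the completed registration is still tied to the
 * external identity. A '#type' => 'value' element is used rather than a
 * hidden field so the browser cannot change the authname on submit.
 */
function myoauth_form_user_register_alter(&$form, &$form_state) {
  if (empty($_SESSION['myoauth']['values'])) {
    return;
  }
  $values = $_SESSION['myoauth']['values'];
  $form['name']['#default_value'] = $values['name'];
  $form['mail']['#default_value'] = $values['mail'];
  $form['auth_myoauth'] = array('#type' => 'value', '#value' => $values['auth_myoauth']);
}
```

The stashed session values are removed once `user_save()` succeeds; if the user abandons the pre-filled form instead, the stash simply expires with the session.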

A: 

You could have a look at the former Drupal module. That module did two entirely different things (hooray for the architecture :)):

  • It published information to a central "who runs Drupal" directory (and offered a page to show such a directory yourself!).
  • It allowed login with credentials from other Drupal sites.

The latter is what you are looking for. Note that the module was discontinued, not because the method for logging in was done wrong, but because the DrupalID mechanism itself is flawed. It has been replaced with OpenID and OAuth.

http://drupalcode.org/viewvc/drupal/drupal/modules/drupal/drupal.module?hideattic=0&view=markup

The hooks and methods you would be looking for (in that order) are:

  • drupal_form_alter -- Adds validate-callback to the login form*s*.
  • drupal_form_user_login_alter -- Adds information about alternative login on login form.
  • drupal_distributed_validate -- Validation callback: calls drupal_auth to see if the user is valid. If so, calls user_external_login_register.
  • drupal_auth -- Helper for validation callback: determines if the credentials are valid.

All other functions are either helper functions for these, or provide that directory-feature, or allow remote sites to authenticate against our database. Neither of which you will be using.

berkes
Thank you for the tip. But drupal_distributed_validate uses user_external_login_register(), which should not be used according to http://drupal.org/node/497612#comment-3047302. I guess it's because it doesn't enforce additional registration fields and re-creates a local user if the name of the existing local user doesn't match the external one.
mongolito404
That is hardened in D7. But in D6, even though imperfect, user_external_login_register() is still the way to go. Or you could rewrite such a function yourself and harden it there.
berkes
