Excellent work! I was curious if any authentication/login management systems have integrated with your class. In more detail is there a complete user management system (login,register,reset pass) with your OpenAuth API?
|2013-04-04 06:21:32 - In reply to message 1 from Matt Sobocinski|
|Available publicly, not that I know.|
But the Icontem Accounts site, which provide the main user registration and authentication uses this class to let users register and login with accounts of other sites like Facebook, Google, Microsoft, GitHub, etc..
|2013-04-04 06:59:57 - In reply to message 2 from Manuel Lemos|
|Looks like your next project :)|
|2013-04-04 07:39:16 - In reply to message 3 from Matt Sobocinski|
|It is unlikely that I publish the whole Icontem Accounts system because it is very specific and complex.|
But I plan to publish example script of storing and retrieving OAuth tokens in a database, so it can be used easily to call APIs when the user is not present, which is something that the default storage based on sessions does not work.
|2013-04-04 08:07:04 - In reply to message 4 from Manuel Lemos|
|That would be much appreciated to a lot of the beginners (including myself).|
My current facebook auth integration I questioned making the auth requests to facebook on each page request. Is this necessary? or am I confused and the session handles the logic so that the request to the site doesn't occur each time?
|2013-04-04 09:58:19 - In reply to message 5 from Matt Sobocinski|
|No, of course not. It is the same reason you do not ask your users for the user name and password in every page.|
Once you authenticate users with their user names and password you can start a session with the user data. You can set some session variables to determine if the user was authenticated or not.
You can do the same with users authenticated using OAuth.
The only difference is that you can find the user account with their user name and password, but using a Facebook account you can send an API request to get the user e-mail address.
Assuming that users in your system may not have multiple accounts with the same e-mail address, that is enough to authenticate the user and start a logged user session.