oAuth2 + PHP-auth implementation #296

Open
ponasromas opened this issue Oct 25, 2023 · 2 comments
Comments

@ponasromas

Well, I know how to implement OAuth2, but how do I pair it with PHP-Auth?

Example:

  1. User goes to domain.tld/register
  2. User chooses GitHub as the registration method
  3. OAuth2 lib used
  4. User goes to domain.tld/login
  5. User chooses GitHub as the login method

Now, how do I actually "login" the user via PHP-Auth? Because the main authorization library would still be PHP-Auth. Is it possible to programmatically "login" a user?

@Peabo83

Peabo83 commented Nov 1, 2023

I've implemented what you're talking about with Google OAuth. I'm not familiar with the process of GitHub authorization, but I assume it would be similar. Here is the process I've implemented:

  1. User goes to domain.tld/register
  2. User creates an account
  3. User is emailed a verification key/token (as outlined in the php-auth documentation for $auth->register)
  4. User clicks the link in their account, they hit the site, their account is verified, and they are automatically logged in
  5. User logs out
  6. User now attempts to login using the Google OAuth button
  7. Google OAuth provides a $_POST['credential'] value with login that can be used to verify a user's account. In these creds is a unique Google ID that I store in the php-auth database as part of the user's information. So when the user attempts to login with Google, I match their email and OAuth creds for login. This allows the user to login with OAuth or the 'login with google' button.

Alternatively, this process can be reversed:

  1. User uses the 'login with google' button
  2. System uses info in $_POST['credential'] to create a new account, and automatically logs the user in (no authentication email is sent)
  3. User then requests a password reset via domain.tld/reset
  4. User account is emailed a password reset link
  5. User resets their php-auth password, allowing them to login with a U/P or the 'login with google' button.

So when a user attempts to login with OAuth, the $_POST['credential'] value is pulled for the user's email and Google unique ID; if $_POST['credential'] passes authentication, the user is logged in via $auth->login. I would assume GitHub passes similar user data.

@kennyrkun

I too have implemented an OAuth login method allowing users to login with an associated Discord account.

They must first create a local account, but once they have done that they can associate any Discord account with it to log in. Following the authentication process typical of any OAuth setup, I associate a Discord user ID with the local account data. Then, anytime a user attempts to login with Discord, I run the process again. If Discord responds that the user is authenticated, I find the user by searching for the user row with the Discord ID, then log them in like this: `$auth->admin()->logInAsUserById($userId)`.

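The two replies above describe the same shape of integration: the OAuth provider authenticates, your code maps the provider's stable user ID to a PHP-Auth user row, and PHP-Auth performs the actual login through `$auth->admin()->logInAsUserById()`. The block below is an added example of that glue; it is not code from this thread or from the PHP-Auth project. Everything it relies on beyond the PHP-Auth calls is an assumption: the `oauth_identities` link table is invented here (PHP-Auth does not ship one), `$db` is the same PDO handle PHP-Auth uses, and `$claims` is whatever your OAuth client library hands back after it has already checked `state`, exchanged the code and validated the provider's response, reduced to `sub` (provider user ID), `email` and `email_verified`. For GitHub, which issues no ID token, that means taking `id` from the user profile and an address flagged `verified` and `primary` from the emails endpoint; for Google, the same fields come straight from the validated ID token.

```php
<?php
// Added example (not from the thread or from PHP-Auth): log a validated OAuth identity
// into PHP-Auth. Hypothetical inputs: $claims = ['sub' => provider user ID,
// 'email' => address, 'email_verified' => bool], already validated by the OAuth client;
// $db is PHP-Auth's PDO handle; `oauth_identities` is our own link table, not PHP-Auth's.

require_once __DIR__ . '/vendor/autoload.php';

use Delight\Auth\Auth;
use Delight\Auth\EmailNotVerifiedException;
use Delight\Auth\InvalidEmailException;
use Delight\Auth\UnknownIdException;
use Delight\Auth\UserAlreadyExistsException;

// Hypothetical link table, created once next to PHP-Auth's own tables:
//   CREATE TABLE oauth_identities (
//     provider VARCHAR(32)  NOT NULL,  -- 'github', 'google', 'discord', ...
//     subject  VARCHAR(255) NOT NULL,  -- the provider's stable user ID, never the email
//     user_id  INT UNSIGNED NOT NULL,  -- users.id from PHP-Auth
//     PRIMARY KEY (provider, subject)
//   );

function findUserIdByIdentity(PDO $db, string $provider, string $subject): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM oauth_identities WHERE provider = ? AND subject = ?');
    $stmt->execute([$provider, $subject]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

function findVerifiedUserIdByEmail(PDO $db, string $email): ?int
{
    // PHP-Auth's `users` table; only accounts that completed email verification qualify.
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ? AND verified = 1');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

function linkIdentity(PDO $db, string $provider, string $subject, int $userId): void
{
    $stmt = $db->prepare('INSERT INTO oauth_identities (provider, subject, user_id) VALUES (?, ?, ?)');
    $stmt->execute([$provider, $subject, $userId]);
}

// Preference order: existing link -> verified local account with the same verified email
// -> fresh account. The email is trusted only when the provider vouches for it.
function loginWithOAuthIdentity(PDO $db, Auth $auth, string $provider, array $claims): int
{
    $subject = (string) ($claims['sub'] ?? '');
    if ($subject === '') {
        throw new RuntimeException('Provider returned no stable subject identifier');
    }
    $email         = $claims['email'] ?? null;
    $emailVerified = ($claims['email_verified'] ?? false) === true;

    // 1. Returning user: (provider, subject) is the key, so an address that is changed or
    //    recycled at the provider cannot redirect the login to another local account.
    $userId = findUserIdByIdentity($db, $provider, $subject);

    // 2. First login with this provider: auto-link by email only when the provider asserts
    //    the address is verified. Otherwise anyone who registers "victim@example.com" at the
    //    provider without confirming it could take over the victim's local account.
    if ($userId === null && $email !== null && $emailVerified) {
        $userId = findVerifiedUserIdByEmail($db, $email);
        if ($userId !== null) {
            linkIdentity($db, $provider, $subject, $userId);
        }
    }

    // 3. No local account yet: create one (the "reversed" flow above). The random password is
    //    never shown; the user can set a real one via PHP-Auth's reset flow if they want
    //    password login too. Without a verified email we refuse instead of creating a row the
    //    real owner of that address might later be linked into.
    if ($userId === null) {
        if ($email === null || !$emailVerified) {
            throw new RuntimeException('Provider did not supply a verified email; register locally first');
        }
        try {
            $userId = $auth->admin()->createUser($email, bin2hex(random_bytes(32)));
        } catch (UserAlreadyExistsException $e) {
            // Taken by a local account that never verified its email: do not merge the two.
            throw new RuntimeException('Email already registered but unverified; finish verification first', 0, $e);
        } catch (InvalidEmailException $e) {
            throw new RuntimeException('Provider returned an unusable email address', 0, $e);
        }
        linkIdentity($db, $provider, $subject, $userId);
    }

    // 4. The programmatic login itself, the same call used in the Discord comment above.
    try {
        $auth->admin()->logInAsUserById($userId);
    } catch (UnknownIdException | EmailNotVerifiedException $e) {
        throw new RuntimeException('Linked local account is missing or not verified', 0, $e);
    }
    return $userId;
}

// Usage in the OAuth callback endpoint, once the client library has validated the response:
//   $auth   = new Auth($db);
//   $userId = loginWithOAuthIdentity($db, $auth, 'github', $claims);
```

Two choices in this example are worth keeping whatever library you use: the lookup is keyed on the provider's `sub`, not on the email, because addresses change hands while the subject ID does not; and no email-based step runs unless the provider says the address is verified, which is the difference between "login with GitHub" and a free account-takeover primitive. `createUser()` marks the account verified because no verification callback is passed, so the refusal in step 3 is what stops an unverified provider address from turning into a verified local one.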