delight-im / PHP-Auth

Authentication for PHP. Simple, lightweight and secure.
MIT License
1.08k stars, 234 forks

oAuth2 + PHP-auth implementation #296

Open ponasromas opened 10 months ago

ponasromas commented 10 months ago

Well, I know how to implement OAuth2, but how do I pair it with PHP-Auth?

Example:

  1. User goes to domain.tld/register
  2. User chooses GitHub as the registration method
  3. OAuth2 lib used
  4. User goes to domain.tld/login
  5. User chooses GitHub as the login method

Now, how do I actually "log in" a user via PHP-Auth? Because the main authorization library would still be PHP-Auth. Is it possible to programmatically "log in" a user?

Peabo83 commented 10 months ago

I've implemented what you're talking about with google OAuth, I'm not familiar with the process of GitHub authorization, but I assume it would be similar. Here is the process I've implemented:

  1. User goes to domain.tld/register
  2. User creates an account
  3. User is emailed a verification key/token (as outlined in the PHP-Auth documentation for $auth->register)
  4. User clicks the link in their account, they hit the site, their account is verified, and they are automatically logged in
  5. User logs out
  6. User attempts to now log in using the Google OAuth button
  7. Google OAuth provides a $_POST['credential'] value with login that can be used to verify a user's account. In these creds is a unique Google ID that I store in the PHP-Auth database as part of the user's information. So when the user attempts to log in with Google, I match their email and OAuth creds for login. This allows the user to log in with OAuth or the 'login with google' button.

Alternatively, this process can be reversed:

  1. User uses the 'login with google' button
  2. System uses info in $_POST['credential'] to create a new account, and automatically logs the user in (no authentication email is sent)
  3. User then requests a password reset via domain.tld/reset
  4. User account is emailed a password reset link
  5. User resets their PHP-Auth password, allowing them to log in with a U/P or the 'login with google' button.

So when a user attempts to log in with OAuth, the $_POST['credential'] value is pulled for the user's email and Google unique ID; if $_POST['credential'] passes authentication, the user is logged in via $auth->login. I would assume GitHub passes similar user data.
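The two flows above, written out as one login handler. This is an added example, not code from the PHP-Auth project or from either commenter. It assumes the composer packages `delight-im/auth` and `google/apiclient` (whose `Google\Client::verifyIdToken()` checks the token's signature, expiry and audience), PHP-Auth's default `users` table, and a hypothetical `oauth_identities` table that maps a provider's stable subject ID (`sub`) to a PHP-Auth user ID. The programmatic login the question asks about is `$auth->admin()->logInAsUserById()`; `GOOGLE_CLIENT_ID` and the PDO credentials are placeholders.

```php
<?php
// Added example (not PHP-Auth's own code). Assumed helper table:
//   CREATE TABLE oauth_identities (
//     provider VARCHAR(32)  NOT NULL,
//     subject  VARCHAR(255) NOT NULL,   -- Google's "sub" claim
//     user_id  INT UNSIGNED NOT NULL,   -- PHP-Auth users.id
//     PRIMARY KEY (provider, subject)
//   );
require __DIR__ . '/vendor/autoload.php';

use Delight\Auth\Auth;
use Delight\Auth\AuthException;
use Delight\Auth\UserAlreadyExistsException;

const GOOGLE_CLIENT_ID = 'YOUR_CLIENT_ID.apps.googleusercontent.com'; // placeholder

function findLinkedUserId(PDO $db, string $provider, string $subject): ?int {
    $stmt = $db->prepare('SELECT user_id FROM oauth_identities WHERE provider = ? AND subject = ?');
    $stmt->execute([$provider, $subject]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

function linkIdentity(PDO $db, string $provider, string $subject, int $userId): void {
    $stmt = $db->prepare('INSERT INTO oauth_identities (provider, subject, user_id) VALUES (?, ?, ?)');
    $stmt->execute([$provider, $subject, $userId]);
}

// First Google login: create the PHP-Auth account (second flow above). If an account
// with this email already exists (first flow), link it only when PHP-Auth has marked
// the address verified; otherwise someone who pre-registered the address, but never
// proved they own it, would get logged in as the Google user.
function createOrLinkUser(PDO $db, Auth $auth, string $email): int {
    try {
        // Random password: a real one can only be set through PHP-Auth's reset flow.
        return $auth->admin()->createUser($email, bin2hex(random_bytes(32)));
    } catch (UserAlreadyExistsException $e) {
        $stmt = $db->prepare('SELECT id, verified FROM users WHERE email = ?');
        $stmt->execute([$email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || (int) $row['verified'] !== 1) {
            throw new RuntimeException('Existing account has not verified this email address');
        }
        return (int) $row['id'];
    }
}

$db   = new PDO('mysql:dbname=my_application;host=localhost;charset=utf8mb4', 'my_user', 'my_password');
$auth = new Auth($db);

// 1. The Google button double-submits a CSRF token as a cookie and a POST field.
if (!isset($_POST['g_csrf_token'], $_COOKIE['g_csrf_token'])
    || !hash_equals($_COOKIE['g_csrf_token'], $_POST['g_csrf_token'])) {
    http_response_code(400);
    exit('CSRF check failed');
}

// 2. Verify the ID token. The library validates signature, expiry and audience
//    (the client_id given here); issuer and email_verified are checked explicitly.
$client  = new Google\Client(['client_id' => GOOGLE_CLIENT_ID]);
$payload = $client->verifyIdToken($_POST['credential'] ?? '');
if ($payload === false
    || !in_array($payload['iss'] ?? '', ['accounts.google.com', 'https://accounts.google.com'], true)
    || empty($payload['email_verified'])) {
    http_response_code(401);
    exit('Invalid Google credential');
}

$subject = $payload['sub'];   // stable per-user ID; match on this, not on the email
$email   = $payload['email'];

try {
    $userId = findLinkedUserId($db, 'google', $subject);
    if ($userId === null) {
        $userId = createOrLinkUser($db, $auth, $email);
        linkIdentity($db, 'google', $subject, $userId);
    }
    // 3. Programmatic login without a password. PHP-Auth throws
    //    EmailNotVerifiedException here if the local account is still unverified.
    $auth->admin()->logInAsUserById($userId);
    header('Location: /');
} catch (AuthException | RuntimeException $e) {
    http_response_code(403);
    exit('Login not possible: ' . $e->getMessage());
}
```

Matching on the `sub` claim rather than the email is deliberate: the email attached to a Google account can change, while `sub` never does, and an email-only match is exactly the link an attacker tries to forge by registering the victim's address first. The CSRF check is the one Google's "Sign in with Google" documentation asks for on the server side; dropping it lets any page POST a credential into your login endpoint.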