User setting to connect existing account with auth provider

[clarkwinkelmann]

As part of the Telegram login extension I plan to add an option to connect an existing Flarum account to Telegram (it's particularly useful because this enables to send Telegram notifications).

I'm thinking that's something we might want to get into core, in particular if Facebook/GitHub also start using external user IDs as the identifier instead of the email.

Currently there's only the Twitter login extension that could benefit from something like this. It's currently not possible to connect an existing Flarum account with Twitter.

Was something of the like already planned ? I will try to add something to the Telegram extension and I could PR it back to core if you're interested.

I'm thinking of adding a "Connected accounts" section to the user settings, and a list of buttons like the login ones there. I'm not sure if oauth controllers could be reused as-it but there's probably not much change to do. Only major change would be that auth extensions need to expose a way to know if it is currently connected for a given user, and maybe also offer a way to disconnect an account.

[tobyzerner]

Nothing planned, happy to take a look at what you come up with!

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!

[stale[bot]]

We are closing this issue as it seems to have grown stale. If you still encounter this problem with the latest version, feel free to re-open it.

[clarkwinkelmann]

This is still relevant. We need to discuss a strategy for storing oauth tokens and allow connecting/disconnecting accounts.

[tankerkiller125]

The database table already exist for it, but the backend API/extender does not. Getting the API in place should resolve this problem. Part of that would be building a frontend interface to disconnect accounts.

[clarkwinkelmann]

Right that's login_providers. And I see it's already being filled, there's just no way of working with that data right now.

Also the oauth tokens aren't saved at the moment, only the remote user ID. Storing the token could be useful if we ever want to pull updated data or do something with the user's connect feature.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!

[clarkwinkelmann]

Will also be solved by flarum/framework#2059

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!

[clarkwinkelmann]

still important. should all those oauth issues be added to a milestone?

[askvortsov1]

I suppose https://github.com/flarum/core/pull/2059 is that milestone? :stuck_out_tongue:

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!