llorien / crm

WordPress plugin installed on brithon.com to support managing customer relationship

Support SSO #51

Closed xueruini closed 8 years ago

xueruini commented 9 years ago

We will reorganize the sites as follows:

  1. www.brithon.com
    • as a standalone single site
    • hold all subscription data
    • users register and log in here, and it provides SSO to all product networks.
    • enable plugin version selection for each user in each product (needs rethinking)
  2. {product}.brithon.com
    • as a WPMU site
    • each product one network
    • main site is useless
    • each user is a sub-site
    • Q: how could we get the sub-directory names the same across different products for the same user? (@lukehl)

xueruini commented 9 years ago

I might need to move this brithon.com.

excelle08 commented 9 years ago

Should we use a set of self-made APIs in the SSO module, as follows?

1. brithoncrm_login (admin-ajax.php?action=brithoncrm_login): A product sends a request containing this action name as well as username, password and remember to the CRM site for login. If successful, it returns the user info, after which the product site will register a user on its own site according to the info, on condition that it doesn't exist, and log in.

2. brithoncrm_register: An API to register a user on the CRM site

3. brithoncrm_get_user_info: To get a user's subscription information

As for using a third-party plugin like WP OAuth Server, we need to create an APPKey for each product manually and then hard code them in the products, which I don't think is a good idea. Besides, it seems that they all require purchasing for mass user support.

@xueruini @lukehl

xueruini commented 9 years ago

Talked a bit with Wei days ago, and I asked him to write here. I have been working very hard on builder during the last two days, and it just works now.

Let me move to sso now. :)

xueruini commented 9 years ago

Let's define the names of the sites first:

  1. mainsite: www.brithon.com
  2. product sites: {app}.brithon.com
    • the first site (usually called the main site of a network) is not used now.
  3. product sub-site: {app}.brithon.com/{user_id}

There are several types of user in our system:

  1. product sub-site admin. They can:
    • CRUD providers
    • CRUD sub-site subscription
  2. providers in product subsite. They can:
    • only log in to the subsite, but have no management privileges.
  3. mainsite admin. It can:
    • manage all activation/deactivation of plugins in each product subsite

For the bi-directional communication between the main site and product sites (actually, the product sub-sites), we should leverage the authorization mechanism of WP; otherwise, we would have to pass special identity info (like an appkey) in the AJAX request to verify it. I agree with you on writing our own API instead of using WP OAuth Server, because it is a general OAuth solution and does not support close interactions in our scenario.

excelle08 commented 9 years ago

@xueruini Get.

xueruini commented 9 years ago

  1. users are redirected to main-site for login, and to product-site after login.
  2. register the user for all products for simplicity.
  3. use WooCommerce for subscription. WooCommerce has a Stripe integration. The plugin is in brithon.com already.
  4. check plugin switch user.

@excelle08

excelle08 commented 9 years ago

Some tech details I figure out:

  1. When users request login or registration on product sites, they would redirect such requests to the main site. Thus this module would be responsible for processing such requests.
  2. After validating a user's registration or sign-in request, this module would communicate with the brithon-crmx plugin of all product sites to call them to register and log in.
  3. Main site admin would CRUD product information (mainly name) so that the system knows the site URLs.
  4. Each product site manages user's subscription information independently.
  5. Security measure: Apply token validation when performing communication between sites.

@xueruini
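
The token validation in step 5 of the comment above, sketched as an added example (not code from this thread or the brithon-crm project): the main site signs a short-lived, single-use token naming one product site, and that site verifies it before logging the user in. The function names, the shared secret and the host app1.brithon.com are assumptions made for illustration.

```php
<?php
// Added example. Secret and host names are constructed placeholders.
const SSO_SECRET = 'replace-with-random-32-byte-secret'; // hypothetical per-product secret

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Main site: issue a token once the user has authenticated there.
function sso_issue_token(string $login, string $audience, string $secret, int $now, int $ttl = 60): string {
    $payload = b64url(json_encode([
        'sub' => $login,
        'aud' => $audience,                  // the one product site allowed to accept it
        'exp' => $now + $ttl,                // short lifetime limits the replay window
        'jti' => bin2hex(random_bytes(16)),  // unique id so the token is single-use
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

// Product site: verify the token before creating a local session.
// $seen stands in for persistent storage of used token ids.
function sso_verify_token(string $token, string $audience, string $secret, int $now, array &$seen): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $mac)) return null;         // constant-time comparison
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    if (($claims['aud'] ?? '') !== $audience) return null;  // issued for another product
    if (($claims['exp'] ?? 0) < $now) return null;          // expired
    $jti = $claims['jti'] ?? '';
    if ($jti === '' || isset($seen[$jti])) return null;     // missing id or replayed
    $seen[$jti] = true;
    return is_string($claims['sub'] ?? null) ? $claims['sub'] : null;
}

// Constructed walk-through: valid use, replay, wrong audience, tampered signature.
$seen = [];
$now  = time();
$tok  = sso_issue_token('alice', 'app1.brithon.com', SSO_SECRET, $now);
var_dump(sso_verify_token($tok, 'app1.brithon.com', SSO_SECRET, $now, $seen));
var_dump(sso_verify_token($tok, 'app1.brithon.com', SSO_SECRET, $now, $seen));
$other = sso_issue_token('alice', 'app1.brithon.com', SSO_SECRET, $now);
var_dump(sso_verify_token($other, 'app2.brithon.com', SSO_SECRET, $now, $seen));
var_dump(sso_verify_token($other . 'x', 'app1.brithon.com', SSO_SECRET, $now, $seen));
```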

xueruini commented 9 years ago

> Main site admin would CRUD product information (mainly name) so that the system knows the site URLs.

We could hardcode this in the initial stage, while it would be better to support configuration online.

xueruini commented 9 years ago

> Each product site manages user's subscription information independently.

Good question. What if the user wants to list all subscriptions for various products?

excelle08 commented 9 years ago

> What if the user wants to list all subscriptions for various products?

What about calling the sub sites to pass their subscription information?

xueruini commented 9 years ago

> What about calling the sub sites to pass their subscription information?

You have to talk to each sub-site to retrieve it. I prefer to maintain all subscription info for all products in the main site.

excelle08 commented 9 years ago

https://github.com/birchpress/brithon-crm/wiki/Single-Sign-On

@xueruini

excelle08 commented 9 years ago

Let's apply a secure cookie to keep the login state.

wp_signon does not work in cross-site communication.

xueruini commented 9 years ago

A secure cookie is a must.