search

perrybutler / WP-OAuth

A WordPress plugin that allows users to login or register by authenticating with an existing Google, Facebook, LinkedIn, Github, Reddit or Windows Live account via OAuth 2.0. Easily drops into new or existing sites, integrates with existing users.
GNU General Public License v2.0
97 stars 76 forks source link

Unable to match previous users by email #52

Open Xtremefaith opened 8 years ago

Xtremefaith commented 8 years ago

See original thread for backstory. but so far I have determined that up until this point it was intentional to not capture emails in the $oauth_identity variable, but unfortunately that means without it there is no way to match the authenticated user with an existing account by email.

Is this a feature you do not wish to have within WP-OAuth? If it is something you're willing to include I can add it today and send a PR. Let me know, thanks!

Xtremefaith commented 8 years ago

I just came across #3 and realize some of the reasoning behind this feature better. For my current purposes, I need this feature for internal websites so the security vulnerabilities are less of an issue to me. I've currently got this working perfectly but I will also build in a setting that allows the site admin the ability to disable this feature.

kylewhenderson commented 7 years ago

Was looking for the same solution - is this a fork of the existing plugin?

Xtremefaith commented 7 years ago

Yes I forked it and added my solution along with a few other updates. I thought I would maintain it more but I've since begun writing another solution that better follows OOP. Because of some work deadlines I won't be able to make that public until Jan sometime. But you're free to use what I started here it follows suit with the original author's work, I just personally don't like how procedural he implements each provider.

kylewhenderson commented 7 years ago

Would your version automatically populate the user's name and email address (maybe username) into the WordPress user profile? New to OAuth so I probably have some fundamental misunderstandings of how it works, but creating an automatic username of 'user4' etc didn't seem like a good solution especially since WordPress doesn't allow for users to change their username.

Xtremefaith commented 7 years ago

So each provider file (i.e. login-google.php) has the following methods setup:

In the identity method you can parse out the details given from the provider. This depends on the provider and the scope that you request. will need to look up each provider and configure respectively.

After that, the $oauth_identity should have what it needs to map to the WP_User details that you're looking for (see wp-oauth.php specifically the wpoa_login_user() method).

That should help you figure somethings out. The original author wanted to only request the bare minimum so I don't think he has intentions of setting it up to do much more, (at least not without options to allow the site admin to determine those things).

I'm pretty familiar with process so let me know if you have any questions. As I said, his implementation is pretty messy so personally I'm working on a better implementation of it right now. I could perhaps make that public soon if you want to contribute to that solution instead.