Yii2 user module with social authentication

[evercode1]

[update from schmunk42] Changed title, original title: Facebook User Login/Create Extension

Yii's advanced template has a great user model and it would be nice if we could have an extension that makes it easy to integrate Facebook Login and create user. Kartik's Social module works well for sharing but does not cover these functions and a robust extension installed by composer would be awesome.

I'm just a novice programmer, so I haven't done an integration with Facebook yet, so I'm not sure if I can describe it accurately, but I think it would need to include the following features:

1. A facebook login/join button widget
2. The ability to detect whether or not a user has an existing account on the Yii-powered site.
3. If the user does not have an account, the ability to create an account.
4. Login to the yii-powered site after successful account creation or direct login if account already exists.

Since this extension would have to integrate with Facebook, developers would have to create an app on Facebook and supply the app id and the secret id as well as the domain settings for their site.

This would also likely involve making a change to the user table to associate the user account with the FB account, probably need a column, fbuser_id. I'm not sure what else this would require, since I haven't tried this yet.

I think this will be one of the most common requirements of websites built with Yii and it would be great to see this process simplified and standardized. Not sure if a tutorial would be more appropriate than an extension or not. I tired Kartik's social module on a demo I'm working on to learn Yii and thought it was really cool and easy to use, but it does not support these functions.

I think a FB Login/create User extension would be widely utilized.

[cebe]

Have you seen this? https://github.com/yiisoft/yii2-authclient/blob/master/clients/Facebook.php

[schmunk42]

I'd also like to see an implementation, the guide has something and several extensions are working on it, but I don't know about a working package.

[evercode1]

I didn't see https://github.com/yiisoft/yii2-authclient/blob/master/clients/Facebook.php. But looking at it, as a beginner, I find it a little overwhelming. I read through the facebook sdk and played around with it, so I have some idea of how to do this, just haven't started working on it yet. I'm trying to get Kartik's module working first, so I can continue to use his social widgets and use his module for configuration of the app id and secret id.

Unfotunately, when I do develop it, I'm pretty sure my solution would not be optimum :) I'm too new at this. I'm assuming that at some point the extension has to store the Facebook user id into the Yii app's user record and I didn't see anything about that in the extension mentioned above.

Yii 2.0's advanced template is so amazing in it's ease of use for beginners, especially in providing a working user model with login, forgot password, etc., frontend and backend, it already towers over the other frameworks. Powerful, yet easy to use. You guys should be really proud of it.

I think a Facebook extension that was easy to implement (or built in to the advanced template) would just be great and further differentiate Yii 2.0 as by far the best PHP framework out there.

Just dreaming here, but wouldn't it be amazing if there were Gii function that helped you build your social widgets? I think for modern web applications, social integration is just as important as the core strucutre.

[kartik-v]

I suppose this should be handled within whichever USER MANAGEMENT MODULE one is using. The module must ideally have some database fields to record some data of the social AUTH providers.

I can take this up as an extended user module, in case no one else is doing it with their user module. I will wait for any other functionality desired in this.

[evercode1]

Kartik, I think you are thinking in the right direction. I was hoping that the social module could be a separate thing altogether, but since it would be so tightly bound to the user model and user creation, it would get messy if it were not one standard approach for both. You would get bombarded with support requests (I know I'm guilty!) if we were all working with different user models.

I'm really looking forward to seeing your module. I really like how you did the widgets for your social module, and the config is clean and easy to understand and the widgets are so easy to work with.

I also like the advance template's user model, it's easy to work with and I imagined that either I would add fields directly to the user table or to create another table that would hold all associated records for social logins.

Feedback on the user model:

In the user model from the advanced template, I extracted out the status and role constants and created separate tables and models for them, which allowed me to use your tutorial to create dropdowns and references by name on the gridview widgets, with eager loading. I had to rename the role and status fields on the user model to disambiguate as you know from my forum posts, but otherwise, I found it all generally very easy to work with, especially generating everything with Gii.

I also created a separate action on the backend site controller for admin login that looks for a minimum role value, so with hardly any code, I was able to make the backend accessible only by those with admin status (as defined by the value I set). Since I built the status and role models with crud and views, it was easy to set up roles and statuses.

I didn't learn scopes yet, but I was assuming I was going to have to implement default scopes, so that every time I called the user index page in the backend, I would not be automatically pulling the entire DB, which for sites with large numbers of users, would be crazy.

This is just basic and obvious stuff, I'm just providing feedback on what I like about the existing user model in the advanced template.

Building all this as an extended user module with social would be amazing. You are already providing a high level of support and documentation for your existing work, so I would look forward to working with it.

I think the end product should be widget based like your social module is now, it will be incredibly easy to work with that way. If possible, it would be cool to add LinkedIn as one of the primary social networks to include.

If there is anything I can do to help you, please let me know. I'm just a beginner programmer, so I can't do much there, but I'm happy to help in anyway I can (writing docs?). Thanks again for contributing so much to awesome framework.

[schmunk42]

Hi guys, I'll add some comments later, but just for reference in the meantime ... these are the current user modules for Yii2 https://packagist.org/search/?type=yii2&q=user

If we could share some efforts we could create an awesome extension, so many people are coding on this.

[kartik-v]

Listing the top five extension owners mentioned in the packagist yii2 user search link by @schmunk42. Hope they can participate and suggest...

• @dektrium
• @amnah
• @nineinchnick
• @nodge
• @robregonm

[nineinchnick]

I almost finished social auth in the Yii 1 version of my module and will be porting the changes to Yii 2 at the coming weekend, switching from Hybridauth to yii2-authclient at the same time.

I already got a pretty big list of features supported, including:

• custom profile fields and profile pictures
• one time passwords
• password history, enforcing password change with checking for used passwords
• social auth
• user admin managment
• login attempts tracking
• password generator

All using class interfaces of UserIdentity, so it doesn't enforce anything on a project where it is used.

User login and registration seems simple but after analyzing lots of scenarios I'm pretty sure beginners will do it wrong, it just takes so much time. It should be available as a module that would be updatable.

I started my own module because I needed something that would work with existing tables without modifying them or the module. I'd be happy to work with others but no other module meets that criteria.

Are we going to choose one to focus on? Or advertise it?

[kartik-v]

Not personally gone through all the extensions. My view, is to collaborate with the one extension (or maybe the top two), which is easily extensible for more scenarios ... building upon the Yii 2 Official Extensions and Classes. Also be able to plugin third party functions/widgets or customize the views.

But that apart, more importantly it needs time commitment from all collaborating. So whosoever can join hands first should be the way to go. Will love to hear feedback from the community.

[schmunk42]

Thank @kartik-v for the notifications, I wanted to do the same :)

Personally I think a user management extension should be build on top of the new yii2-auth extension and should not be mixed with RBAC (we can have another module for that).

I also haven't looked at too much code, but it looks to me that the code is of very high quality and perfect for Yii 2. Also the architecture with different clients looks pretty neat.

I also think it's important to do this step by step and don't throw all the features in there from the beginning. The user module is the supreme discipline for extensions IMO, because there are so many options to take care of.

The additional profiles should be very flexible (maybe attach a custom model?) and also the extension should make use of the event system, like triggering events like onRegistration and onActivation, etc... the developer could then decide if he needs to send an email, check an LDAP server, whatever.

Last but not least, it should not force you to extend from a BaseUser class, instead using behaviors if needed.

[robregonm]

Agreed @kartik-v: because a powerful extension should be customizable and easy to integrate to most scenarios. Agreed @schmunk42: We should keep User from RBAC (My Yii2-Auth extension "merges" in one name, but they work separated, but sometimes you need just one), so I'm fully agreed, they should be separated. Count on me, I'm looking forward to collaborate in an awesome extension :)

[kartik-v]

Can we list features to target for first release... record in a CHANGE log or something? I am creating a separate github repo space for this yiicommunity and would send invites.

[kartik-v]

Created a new collaboration community and repo for this. Added few users from here who have shown interest.

[nineinchnick]

Shouldn't we pick one of the existing modules, best matching base criteria?

There are 5 user modules already. The main idea is to make a proper one. Then there will be 6 user modules and nothing will change.

[kartik-v]

@schmunk42 - can you change this issue title to Yii2 user module with social authentication

@nineinchnick Yes we should reuse as much as we can and merge as one repo.

Also, I suppose the first objective is to make the features lean to make it work for more scenarios - and add other features later - if needed - that can be plugged on / off.

If we can finalize the features which we all agree, in ONE PLACE HERE... including the base module source from where we pick features (we can assign the credits and ownerships accordingly to each part).

I have kind of updated the above log with placeholders for each reusable module... feel free to edit the same (so we can agree on the feature list).

[kartik-v]

@robregonm and @nineinchnick - I have placed the fork of your modules in the yiicommunity org. I will try to go through the code when I get time and put in my thoughts on the features we can reuse (that would be a bit daunting personally :-) ). Would suggest you to add anything from your side as well to the change log including @schmunk42 and @evercode1. All have read/write access to the yii2-user-module repo. We can rename this to repo any other name if we wish.

If we get any feedback or inputs from other extension owners - @dektrium, @amah, and @nodge - we can include them as well.

[evercode1]

Wow, seeing how deeply you guys are into this, I'm really looking forward to seeing this develop. Building one great extension with all of you behind it is attractive for obvious reasons. Everything about Yii 2 seems extremely well-thought out. It has an intuitive flow to it, far superior to the other frameworks.

When I try to explain why this is to other programmers, since I'm not that technical, I start sounding like a crazy person :) Anyway, one of the goals should be to maintain the intuitive flow and to make implementation as simple as possible.

Setting up the advanced template was really easy because of the init. It created the needed data structure and set dev or production mode. This was a supercool feature.

I think if the user module with social auth involves an extensive amount of data structure, it would be really cool if this could be created by running a Yii command that creates the tables. Less room for typos in the field names which will translate into fewer support requests.

Anyway, however you guys decide to do it, I'm really looking forward to it. I think this module will add a lot to the framework and would be widely used. It would be awesome :)

[schmunk42]

Here a very rough first draft of the data model: https://github.com/yiicommunity/yii2-user-module/issues/1

[kartik-v]

I have changed the organization name to communityii - inspiration from schmunk to play around with words. The updated link to the community yii2-user repo is here.

[kartik-v]

Folks please check my initial design suggestions for this module and give your feedback.

For the existing extension owners, please suggest what all we can reuse and merge from your existing modules?

[schmunk42]

Closing this issue, since it is developed now here: https://github.com/communityii/yii2-user/