Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Abandon auth extensions as core #2006

Closed
5 tasks done
luceos opened this issue Feb 14, 2020 · 13 comments
Closed
5 tasks done

Abandon auth extensions as core #2006

luceos opened this issue Feb 14, 2020 · 13 comments
Assignees
Milestone

Comments

@luceos
Copy link
Member

luceos commented Feb 14, 2020

We feel it is a burden to maintain the auth extensions, these include auth-github, auth-twitter and auth-facebook. The api's of these services occasionally break, demanding immediate attention of the team to fix, patch and release. Our focus should remain on stable and thereafter about providing the means to create such extensions.

We have to decide what to do with these extensions:

  • Keep them until they break, abandoning them without maintenance.
  • Move them out of the flarum namespace, possibly to the Friends of Flarum for wider, community based maintenance.

We're open to suggestions.

ACTIONABLE:

  • change flarum/flarum to drop these bundled extensions
  • archive the relevant git repositories
  • change the release checklist issue template in flarum/org to drop these bundled extensions (mentioned multiple times)
  • create (or ask to be created) a message in the dev diary
  • ensure this is added to the changelog/release notes
@tankerkiller125
Copy link
Contributor

Personally if we won't maintain them (which makes sense at this point) then I'd rather see a group/someone take over the extensions before the extensions break. If the extensions just break I can see the issue of production sites having major issues with users logging in. This would also be a great chance for that group/person to make a better version of these extensions. My only concern is making sure that if they do move we have to make sure that it's communicated very clearly and very well to the community. (Including depreciation messages in composer)

@askvortsov1
Copy link
Sponsor Member

To be honest, there's a lot of extensions that COULD be bundled, and I'm not entirely sure why these particular 3 were chosen. There's a lot of services that can be used to sign up, and I feel like these (github in particular) is more of a historical thing than an actual functionality thing. I'm not in FoF, but if FoF would be open to adopting these, that could be a good solution.

@franzliedke
Copy link
Contributor

There's a lot of services that can be used to sign up, and I feel like these (github in particular) is more of a historical thing than an actual functionality thing.

It probably relates to what we needed / wanted for Discuss. Facebook for reach, Twitter and GitHub for our developer-centric audience.


Back to topic: How would this affect generic OAuth/SSO-related issues like flarum/issue-archive#236? 🤔

@askvortsov1
Copy link
Sponsor Member

Considering that there's no issue using fof plug-ins in discuss, I think that friends of flarum is equally good a solution.

I'm not sure how moving these extensions out to friends of flarum would affect OAuth/external identity, as plenty of third party extensions like that already exist.

If there's something that the core team should be working on with external login, imo it should be improving the flow (see my comments on the issue you linked for a few cursory ideas). In general, the part where users indicate their username is clunky (ex. the login/sign-up popup needs to be open before opening the external provider for this to work at all)

@tankerkiller125
Copy link
Contributor

@franzliedke I feel like the storage of OAuth data, OAuth account disconnects and generic UI should remain in core, simply because I see an issue where if it's separated out into an extension or something of that nature we will have 10 different implementations each one trying to override the other. The actual logic of the OAuth itself and connecting to 3rd party APIs can/should be handled by the community.

@franzliedke
Copy link
Contributor

Yeah, it would fit well with the concept of Flarum core being a forum "framework" so to speak, and extensions filling in / implementing much of the actual functionality.

@askvortsov1
Copy link
Sponsor Member

@tankerkiller125 if thats whats being discussed, then I'd absolutely agree that the login provider interface should remain within Flarum, with the extensions moved out.

@askvortsov1
Copy link
Sponsor Member

Perhaps an extender could be built for this, considering it's a common use case?

@luceos
Copy link
Member Author

luceos commented Jun 9, 2020

Linking https://github.com/friendsofflarum/oauth here. @datitisev has begun moving these auth extensions into one Friends of Flarum extension.

@luceos
Copy link
Member Author

luceos commented Aug 28, 2020

When this issue is completed we need to:

  • change flarum/flarum to drop these bundled extensions
  • change the release checklist issue template in flarum/org to drop these bundled extensions (mentioned multiple times)
  • create (or ask to be created) a message in the dev diary
  • ensure this is added to the changelog/release notes

@luceos
Copy link
Member Author

luceos commented Sep 7, 2020

What's the status on the fof/oauth extension @datitisev ?

@dsevillamartin
Copy link
Member

@luceos I'm pretty sure it is done. It has been updated for the mithril rewrite too, just not released.

luceos added a commit to flarum/flarum that referenced this issue Sep 7, 2020
Drop the oauth extensions, see flarum/framework#2006
askvortsov1 pushed a commit to flarum/flarum that referenced this issue Sep 7, 2020
Drop the oauth extensions, see flarum/framework#2006
@askvortsov1 askvortsov1 added this to the 0.1.0-beta.14 milestone Sep 7, 2020
@franzliedke
Copy link
Contributor

I took care of the last two checkboxes (and added a TODO to the upgrade guide PR), so this can be considered done.

The release announcement draft already mentions this change, and has instructions for installing the replacement.

smile1130 added a commit to smile1130/laravel-simple-forum that referenced this issue Jun 16, 2023
Drop the oauth extensions, see flarum/framework#2006
helixdonnell9 added a commit to helixdonnell9/flarum that referenced this issue Oct 3, 2023
Drop the oauth extensions, see flarum/framework#2006
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants