New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Abandon auth extensions as core #2006
Comments
Personally if we won't maintain them (which makes sense at this point) then I'd rather see a group/someone take over the extensions before the extensions break. If the extensions just break I can see the issue of production sites having major issues with users logging in. This would also be a great chance for that group/person to make a better version of these extensions. My only concern is making sure that if they do move we have to make sure that it's communicated very clearly and very well to the community. (Including depreciation messages in composer) |
To be honest, there's a lot of extensions that COULD be bundled, and I'm not entirely sure why these particular 3 were chosen. There's a lot of services that can be used to sign up, and I feel like these (github in particular) is more of a historical thing than an actual functionality thing. I'm not in FoF, but if FoF would be open to adopting these, that could be a good solution. |
It probably relates to what we needed / wanted for Discuss. Facebook for reach, Twitter and GitHub for our developer-centric audience. Back to topic: How would this affect generic OAuth/SSO-related issues like flarum/issue-archive#236? 🤔 |
Considering that there's no issue using fof plug-ins in discuss, I think that friends of flarum is equally good a solution. I'm not sure how moving these extensions out to friends of flarum would affect OAuth/external identity, as plenty of third party extensions like that already exist. If there's something that the core team should be working on with external login, imo it should be improving the flow (see my comments on the issue you linked for a few cursory ideas). In general, the part where users indicate their username is clunky (ex. the login/sign-up popup needs to be open before opening the external provider for this to work at all) |
@franzliedke I feel like the storage of OAuth data, OAuth account disconnects and generic UI should remain in core, simply because I see an issue where if it's separated out into an extension or something of that nature we will have 10 different implementations each one trying to override the other. The actual logic of the OAuth itself and connecting to 3rd party APIs can/should be handled by the community. |
Yeah, it would fit well with the concept of Flarum core being a forum "framework" so to speak, and extensions filling in / implementing much of the actual functionality. |
@tankerkiller125 if thats whats being discussed, then I'd absolutely agree that the login provider interface should remain within Flarum, with the extensions moved out. |
Perhaps an extender could be built for this, considering it's a common use case? |
Linking https://github.com/friendsofflarum/oauth here. @datitisev has begun moving these auth extensions into one Friends of Flarum extension. |
When this issue is completed we need to:
|
What's the status on the fof/oauth extension @datitisev ? |
@luceos I'm pretty sure it is done. It has been updated for the mithril rewrite too, just not released. |
Drop the oauth extensions, see flarum/framework#2006
Drop the oauth extensions, see flarum/framework#2006
I took care of the last two checkboxes (and added a TODO to the upgrade guide PR), so this can be considered done. The release announcement draft already mentions this change, and has instructions for installing the replacement. |
Drop the oauth extensions, see flarum/framework#2006
Drop the oauth extensions, see flarum/framework#2006
We feel it is a burden to maintain the auth extensions, these include auth-github, auth-twitter and auth-facebook. The api's of these services occasionally break, demanding immediate attention of the team to fix, patch and release. Our focus should remain on stable and thereafter about providing the means to create such extensions.
We have to decide what to do with these extensions:
We're open to suggestions.
ACTIONABLE:
The text was updated successfully, but these errors were encountered: