Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Open ID, Facebook Connect, Twitter Connect, etc.
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Open ID, Facebook Connect, Twitter Connect, etc.
 Post Reply Post Reply Page  12>
Author
  Topic Search Topic Search  Topic Options Topic Options
wistex View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 30 August 2003
Location: United States
Status: Offline
Points: 877 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wistex Quote  Post ReplyReply Direct Link To This Post Topic: Open ID, Facebook Connect, Twitter Connect, etc.
    Posted: 24 October 2009 at 5:45am
Are there any plans for support for ID services like Open ID, Facebook Connect, Twitter Connect. etc. either natively or as a mod?  
Back to Top
MortiOli View Drop Down
Senior Member
Senior Member
Avatar

Joined: 26 May 2002
Location: United Kingdom
Status: Offline
Points: 514 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MortiOli Quote  Post ReplyReply Direct Link To This Post Posted: 24 October 2009 at 2:18pm
+1
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 26 October 2009 at 11:53am
There are not any plans at the present time as it would be very difficult to implement securely.  
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
wistex View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 30 August 2003
Location: United States
Status: Offline
Points: 877 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wistex Quote  Post ReplyReply Direct Link To This Post Posted: 17 December 2009 at 7:09pm
We are thinking about implementing it ourselves and we see some of the pitfalls ourselves.  We have a little different scenario since we have fully integrated the Web Wiz Forums login and security into the rest of the website (i.e. logging into the forums, logs you into the entire site).  The Facebook, Google Friend Connect, or Twitter login would not be solely for the forums, but would be useful in cases of commenting on blog posts & articles on the website, which are not in the forum.

Since there are a variety of services, I will simply call them "Connect" which can refer to Facebook Connect, Google Friend Connect, etc.

 As far as we can tell, we have these options:
  1. Connect as Optional Enhancement Only: Treat Facebook Connect, Google Friend Connect, Twitter Connect as things you can add onto your Forum/Site account, and then use the social media data & API's from each source to enhance the user's experience (i.e. being able to share things easier, or being able to see which forum users are also your friends on Facebook or followers on Twitter, for example.
  2. Connect Used as Alternative for Entering Password / Require E-mail: When a new user wants to use Connect to login, it asks them to either create a forum account, or associate their Connect account with an existing forum account.  They have to fill in required fields such as username and e-mail address, but do not have to specific a password.  In the future, logging in with the Connect button logs them in instantly.  The forum account operates as normal, and users can even request their forum password to be sent to their registered e-mail address if they later chose to login the old fashioned way.  If the Connect service provides their e-mail address to us, then their account is automatically verified.
  3. Connect Used as Alternative for Entering Password / Do Not Require E-mail: In this scenario, we do not require a user to provide his e-mail address, but all e-mail dependent features would be disabled for the account if they do not provide it (i.e. no subscriptions). 
  4. Connect as Alternate Login Outside Forum / Option 1 or 2 for Forums: In this scenario, the forums have one security model, and some areas outside the forums (such as commenting on blog posts or articles) have a different security model.  So users could use Connect to instantly login and post a comment outside the forums, but if they want to use the forums or more sensitive features of the site, they must specify a Forum Username and Verified E-mail Address to post.
Each method above poses its own issues and advantages/disadvantages.

Here are some known examples:
  • Meetup.com is a good example of a site that uses Facebook Connect as an optional enhancement (Option1 above).
  • I've seen one other forum software that has a third party addon that implements option #3 for Facebook Connect, requiring a user to specify a forum username, but not a password or e-mail address. (Bruce, I'll PM you the link if you want it.)
One question that immediately comes to mind, is: Would option #3 work with Web Wiz Forums or does the forum software assume there is a valid e-mail address entered for a user?


Edited by wistex - 17 December 2009 at 7:13pm
WisTex Solutions
CaribbeanChoice Forums
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 18 December 2009 at 10:33am
I like the sounds of option 2 or 3.

Web Wiz Forums does not require an email address. The only time an email address is required is if you have email activation enabled, which is recommend.

However, you could still use Web Wiz Forums with email activation enabled for those registering direct through the forum while at the same time using 'connect' without an email requirement.

Web Wiz Forums detects if a member has an email address in their profile, if not then the email options are not available to that member. This should make option 3 much easier to implement.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
wistex View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 30 August 2003
Location: United States
Status: Offline
Points: 877 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wistex Quote  Post ReplyReply Direct Link To This Post Posted: 18 December 2009 at 11:44am
I think that would be the best route, where people who register without Connect would have to verify their e-mail address, and people who register with Connect do not since we are using Facebook, Google or twitter as a "trusted identity provider" and we typically do not have their e-mail address.  If a user who initially registered with Connect ever wants to add their e-mail address, the forum would go through the procedure of verifying it (just like it was an e-mail change). 

Both Connect and non-Connect users would be able to manage their forum account like normal, change their profiles, add or change their e-mail address, even being able to request a password (assuming they bothered to add an e-mail to their account).

Implementation:

How this would be implemented would be pretty easy and could actually be just a page not connected to the forum at all (other than calling the forum's common include to access its variables).  [Although it would be nice if it was integrated into the forum registration process itself.]

When creating an account, a user would be given the option to register normally or use one of the available Connect services.  If they select a Connect Service, they go to a page where they can login using Connect.  Once logged in with Connect, it redirects to a page to see if this Connect user has ever logged in before with that account (by checking for a record stored in a table in the database). 
  • If they have not, then:
    • It asks them if they have an existing account, and asks them to login to associate their Connect account with their forum account*, otherwise:
      1. It directs them to a page where they must enter required information, such as a forum username.  If using option 3, that is actually all we would need.  (We could optionally ask for an e-mail, but we would have to let them know that they have to verify it if they do, like a regular non-Connect user.) Optionally ask for other profile fields to be filled in at the same time.
      2. When the page is submitted, it would create a user in the forum database with or without an e-mail address, and set the user to verified if they did not provide an e-mail address. (For security, I think all e-mail changes should always be verified, unless the Connect provider gives us a verified e-mail address we can insert into the system.)  It also would record in a separate table** the Connect ID and the Forum user ID, linking the two (or three or four, allowing them to connect more than one Connect account).
    • It redirects them back to the page where they came from.
  • If they have logged in before, then it simply logs them in and sets them logged into the forum, and redirects them back to the appropriate page (preferably the same page they came from when they initially clicked register).
So this is something that could actually be made without touching any of the forum code at all, although it would require the Connect Register page to directly modify the forum's database.

Some Notes:

*Users should be told that if they have an existing account, they should login FIRST, and then associate their Connect ID with their existing account.  Otherwise a second forum account would be created when they login with Connect.

**Using a separate table allows Connect information to be stored separately, so it does not interfere with the forum database. (Important if this is a mod, and not included in Web Wiz Forums).  It also allows you to associate multiple Connect/identity providers to one account.  That way you can do mashups with Facebook, Twitter and Google Friend Connect data all on one account, for example.




Edited by wistex - 18 December 2009 at 11:49am
WisTex Solutions
CaribbeanChoice Forums
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 18 December 2009 at 12:17pm
This sounds very good.

By the way if email activation is enabled then whenever a member changes their email they need to verify their new email address, so this should make it even simpler to implement it in the way you want.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
wistex View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 30 August 2003
Location: United States
Status: Offline
Points: 877 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wistex Quote  Post ReplyReply Direct Link To This Post Posted: 18 December 2009 at 1:42pm
Also just noticed that I should be able to use the API to add users instead of creating a database record directly.

http://demo.webwizforums.com/HttpAPI.asp
WisTex Solutions
CaribbeanChoice Forums
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.