atk4 / login

Add-on implementing User Login, Registration, Management and Password
https://agiletoolkit.org
MIT License

How to inject Auth0 service or integrate atk4/login with other AuthType? #20

Open abbadon1334 opened 4 years ago

abbadon1334 commented 4 years ago

I'm working on Auth0 integration and I have some clue about integration in atk4/login.

IMHO the actual atk4\login\Auth::check() method does too many things: not only check, but it even adds UI elements and returns a formatted error.

Do you think there can be space to extract an interface for login/logout/check, and use it in place of the default one when it is injected in the constructor?

What is Auth0 (https://auth0.com)

Auth0 can be used in APIs, web applications and mobile with SSO (single sign-on) from multiple authentication providers like social or mail services.

Practically, you call a login app URL of Auth0, you log in on an Auth0 customizable login page, and you get a response back like this:

$user_data = [
    'given_name'     => null,
    'family_name'    => null,
    'nickname'       => null,
    'picture'        => null,
    'locale'         => null,
    'updated_at'     => null,
    'email'          => null,
    'email_verified' => null,
];

Email will be used as the identifier for the user; other fields can be used to enrich the user model without compiling a form again.

I used an Auth0ToModelMapper to map fields from $user_data to atk4\data\UserModel.

In a classic Auth interface I think the methods are usually:

In Auth0 you can even manage roles and webhooks.

Practically, you can delegate the whole user process (authentication, creation, confirmation and recovery) to the Auth0 service.

Auth0 has a free subscription which gives you 7000 active users and unlimited logins per month.

You can integrate multiple apps with the same Auth0 login.

Conclusion

Here is the gist of the working implementation: https://gist.github.com/abbadon1334/050260d1b117a86a8dcdfd0cbf4e3bcd

Sorry for the gist in place of a GitHub repo, but GitHub Support is still not answering me after 5 days.

It works, but I want to see when the ACL here will be finished and actions will be integrated from the 2.0 release.

What do you think?
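To make the "extract an interface for login/logout/check" idea above concrete, here is an added example sketch; it is not code from atk4/login or from the gist. The names AuthProviderInterface, Auth0ProfileMapper, Auth0Provider and the in-memory $users array are assumptions standing in for the real Auth class and the atk4\data user model. The mapper only uses the email as an identifier when Auth0 reports it as verified, and copies only an allow-listed set of profile fields into the local record.

```php
<?php
declare(strict_types=1);

// Added example, not atk4/login project code. The interface and class
// names below are hypothetical; the array-based user store stands in for
// a real User model persisted by the application.

interface AuthProviderInterface
{
    /** Authenticate from provider-specific input (a password form, an Auth0 profile, ...). */
    public function login(array $credentials): bool;
    public function logout(): void;
    /** True when the current session carries an authenticated user. */
    public function check(): bool;
    /** Identifier of the authenticated user, or null when not logged in. */
    public function userId(): ?string;
}

final class Auth0ProfileMapper
{
    // Only these Auth0 profile fields are copied into the local user record.
    private const PROFILE_FIELDS = ['given_name', 'family_name', 'nickname', 'picture', 'locale'];

    /** @return array<string,mixed>|null  null when the profile is unusable as an identity */
    public function toUserRecord(array $profile): ?array
    {
        $email = $profile['email'] ?? null;
        // Email is the account identifier, so an unverified address must not be
        // linked to an existing local user; refuse the profile instead.
        if (!is_string($email) || $email === '' || ($profile['email_verified'] ?? false) !== true) {
            return null;
        }

        $record = ['email' => strtolower(trim($email))];
        foreach (self::PROFILE_FIELDS as $field) {
            if (isset($profile[$field]) && is_string($profile[$field])) {
                $record[$field] = $profile[$field];
            }
        }
        return $record;
    }
}

final class Auth0Provider implements AuthProviderInterface
{
    private ?string $userId = null;

    /** @param array<string,array<string,mixed>> $users  email => record (constructed stand-in for a model) */
    public function __construct(private Auth0ProfileMapper $mapper, private array $users = [])
    {
    }

    /** $credentials is the profile array Auth0 returns after the login callback. */
    public function login(array $credentials): bool
    {
        $record = $this->mapper->toUserRecord($credentials);
        if ($record === null) {
            return false;
        }
        // Create the user on first login, otherwise enrich the existing record.
        $this->users[$record['email']] = array_merge($this->users[$record['email']] ?? [], $record);
        $this->userId = $record['email'];
        return true;
    }

    public function logout(): void
    {
        $this->userId = null;
    }

    public function check(): bool
    {
        return $this->userId !== null;
    }

    public function userId(): ?string
    {
        return $this->userId;
    }
}

// Constructed sample profile in the shape shown in the issue.
$verifiedProfile = [
    'given_name' => 'Ada', 'family_name' => 'Lovelace', 'nickname' => 'ada',
    'picture' => null, 'locale' => 'en', 'updated_at' => null,
    'email' => 'Ada@Example.com', 'email_verified' => true,
];

$auth = new Auth0Provider(new Auth0ProfileMapper());
echo 'verified login: ', var_export($auth->login($verifiedProfile), true), PHP_EOL;
echo 'check: ', var_export($auth->check(), true), ' as ', $auth->userId(), PHP_EOL;
$auth->logout();
echo 'unverified login: ', var_export($auth->login(['email' => 'x@example.com', 'email_verified' => false]), true), PHP_EOL;
```

With this split, the UI layer (form, error message, redirect to the Auth0 login page) sits outside the provider and only calls login()/check()/logout(), so a password-based provider and the Auth0 one can be swapped through the constructor without touching the ACL or UI code.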

romaninsh commented 4 years ago

@abbadon1334 I could really use something similar, but can this integrate directly to https://github.com/thephpleague/oauth2-client ?

romaninsh commented 4 years ago

Also I think the integration should re-use existing models (User, Permissions etc) but instead of requesting user password allow them to authenticate using 3rd party SSO.

Also - it would be nice if user could use multiple SSO providers - e.g. log-in with facebook, google etc of their choice and connect them to their existing account and still keep the password functionality.

abbadon1334 commented 4 years ago

My suggestion is to separate the logic from the UI in atk4/login, to allow integration of different systems. If we don't do this, for every "system" we need to rewrite ACL + logic, which literally makes atk4/login useless and devs must rewrite everything every time; but given the way atk is going, I see more future coupling of atk4/login and UI components.

Also - it would be nice if user could use multiple SSO providers - e.g. log-in with facebook, google etc of their choice and connect them to their existing account and still keep the password functionality.

Auth0 gives you this possibility while avoiding all the problems of storing a user password.

abbadon1334 commented 4 years ago

@abbadon1334 I could really use something similar, but can this integrate directly to https://github.com/thephpleague/oauth2-client ?

We could use it, but we need to rewrite some Auth class.