Login with Twitter (Kirby)

[chrisburton]

Issue:

I’m having trouble trying to figure out how Bastian (Kirby Author) is creating the “Login with Twitter” functionality and integrating it into Kirby. What I’m trying to do is create a blog and use that for my comment section.

What I know:

I know that he is using Opauth but not sure if he’s integrating that with his current auth plugin. From the looks of his URL’s when logging in and out, I believe he is.

Additionally, someone suggested to use Disqus. The problem with that is that I wouldn’t be able to control the UI of the comment form and it’s really not what I prefer.

If you’d like to test this and have a Twitter account, you can go to the forum. I’d love any insight or help trying to solve this.

[chrisburton]

@BenWalker Possibly.

`/auth/do:lougout` – Not sure how he’s doing this.

I’ll take a look at those links you provided. Thanks for the insight.

[__]

`do:logout` is an internal thing; he’s just “forgetting” your login, it has nothing to do with twitter.

[chrisburton]

@traq I just read up on a way to go about that somewhat except the code was something like `if $do = “logout”`

[__]

yeah, it’s the same idea. He’s just parsing the URL instead of using a query string.

You can see what he’s doing in `./kirby/lib/uri.php`.
You can access those params like
`$someParam = $site->uri()->param( $key );`

So, in this case, you’d do:

if( $site->uri()->param( ‘do’ ) == ‘logout’ ){
/* logout */
}

The query string approach (`?do=logout`) will still work, of course.

[chrisburton]

After doing some research, I think I’m making this more complicated than it actually is.

Process:

User clicks login

User gets redirected or popup (preferable) to allow access to their information.

Twitter API grabs their information

Somehow I store those credentials (username, possibly email and profile image) so the user doesn’t have to accept access every time…or something like that.

Then, just use php to echo out those credentials (minus email).

@traq Thanks for clearing that up. Makes better sense than what I was imagining.

[__]

before you redirect the user, you need to POST to twitter to get an oauth request token.

> Somehow I store those credentials (username, possibly email and profile image) so the user doesn’t have to accept access every time…or something like that.

Twitter returns a userID and a screen name. You’d typically store them in the session.

You might be interested in [Andy Smith’s OAuth class](http://oauth.googlecode.com/svn/code/php/). I’ve never done this myself, but [this seems to be a good tutorial](http://www.jondev.net/articles/Using_OAuth_with_Twitter_-_PHP_Example).

[chrisburton]

@traq What if the user clears their browser’s data (cookies, etc), wouldn’t they have to go through the whole process over again?

[__]

yes; but that’s true of any* website login.

**meaning, of course, “any cookie-based website login.”

In practice, this covers just about all of them, Twitter included.*

In fact, if the user intentionally clears their browser’s data, I think it’s safe to assume that they *want* you to forget they were logged in.

[chrisburton]

@traq Touché.

[chrisburton]

I started working with Opauth but I’m not sure how to set the `DocumentRoot`.

See here: http://cloud.chrisburton.me/M7qv

I’m also getting this error: http://cloud.chrisburton.me/M7xB

Line 125 can be found here: http://codepad.org/czuCGZvU

[__]

> I started working with Opauth but I’m not sure how to set the DocumentRoot.

I think it’s just telling you that the example needs to be in your doc root (i.e., that’s just how the demo is set up to run; so it needs to be in your website’s root). Not “for sure” though, I’ve never used OAuth.

> I’m also getting this error: http://cloud.chrisburton.me/M7xB

How are you arriving at that error? “Strategy” refers to “which service you want to use for authentication,” such as Twitter or FB. Your problem might be as simple as trying to sign in at `/auth` instead of `/auth/twitter` (or FB, etc., whichever)…?

[chrisburton]

@traq

> I think it’s just telling you that the example needs to be in your doc root (i.e., that’s just how the demo is set up to run; so it needs to be in your website’s root). Not “for sure” though, I’ve never used OAuth.

But the problem is that I have other files there that may conflict. This is what is confusing to me.

> How are you arriving at that error? “Strategy” refers to “which service you want to use for authentication,” such as Twitter or FB. Your problem might be as simple as trying to sign in at /auth instead of /auth/twitter (or FB, etc., whichever)…?

I downloaded the whole thing from http://opauth.org. It seems that what I downloaded from the site is a bit different than this: https://github.com/uzyn/opauth. I’ll download what’s on github and try again.

[__]

@chrisburton

> But the problem is that I have other files there that may conflict. This is what is confusing to me.

Yeah, I think the demo is meant to be run in isolation – just for you to get familiar with using it. I don’t think it’s meant to be used “out of the box” on a live site.

do you have a local server set up where you can try it out? Otherwise, you’d probably have to go through the files and change all of the URLs to match wherever you upload it. That might not be a bad idea, since you’ll have to do this anyway to use it on your site.

I’ll look at the script and lend you any insights. : )

[chrisburton]

@traq Hmm. I tried putting my Kirby site into a folder so nothing conflicted and it still doesn’t work. So weird. Appreciate the help very much. Thank you.

[Author]

Posts