Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
OAuth2 module has only username/password authentication. It would be great to have authentication with email too.
Proposed resolution
Add a custom OAuth2Grant plugin that handle authentication with mail parameter. We can re-use most of the code from \Drupal\simple_oauth\Plugin\OAuth2Grant\Password class, only validate user should be different.
Comment | File | Size | Author |
---|
Issue fork email_registration-2991141
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
a.dmitriiev CreditAttribution: a.dmitriiev as a volunteer and at 1xINTERNET commentedAttached is the patch for 8.x-1.0-rc5 that allows to authenticate with Simple OAuth module and mail.
In your request don't forget to change the query parameter "grant_type" to "email_registration" and "username" change to "mail".
Comment #3
a.dmitriiev CreditAttribution: a.dmitriiev as a volunteer and at 1xINTERNET commentedComment #4
andypostNice feature for 1.1 release, needs tests like
Comment #5
mvantuch CreditAttribution: mvantuch as a volunteer commentedEven though this looks like a clean way of doing it, it doesn't really work well with Postman, which doesn't support changing the the grant_type outside of the defined list (password, implicit, authorization code, client credentials). Might we this is not compatible with the OAuth2 standard?
My idea was to simply override the `user.auth` implementation to support authorisation by email as well. This would potentially fix other modules too as we'd then simply use the email where the name is expected.
Comment #6
mvantuch CreditAttribution: mvantuch as a volunteer commentedSorry, the previous patch was in a wrong format, attaching a new one.
Comment #7
mvantuch CreditAttribution: mvantuch as a volunteer commentedComment #8
a.dmitriiev CreditAttribution: a.dmitriiev as a volunteer and at 1xINTERNET commentedThere are no strict standards for the grant type. Please read up here https://oauth.net/2/grant-types/ .
Comment #9
andypostComment #10
andypostComment #11
ptmkenny CreditAttribution: ptmkenny commentedI was able to get OAuth authentication working with the patch and instructions in #2, but the patch in #6 didn't work for me-- I kept getting an error message about an incorrect grant type.
Comment #12
ptmkenny CreditAttribution: ptmkenny commentedAlso it would be great if there is a way to either 1) make this work with Postman, as described in #5 or 2) there are instructions provided for how to debug without Postman.
Comment #13
ayalon CreditAttribution: ayalon commentedUpdated patch #6 for Drupal 9:
Comment #14
andypostShould use UserAuth::class
needs docblock
Comment #15
fjgarlin CreditAttribution: fjgarlin commentedAddressed the feedback above and made sure the two new files follow coding standards.
Comment #16
keopxPatch #2 works properly.
I think the last patch not working because they need to set dependencies.
https://www.drupal.org/docs/drupal-apis/services-and-dependency-injectio...
I think they need dependencies:
https://www.drupal.org/docs/drupal-apis/services-and-dependency-injectio...
Comment #17
keopxComment #18
fjgarlin CreditAttribution: fjgarlin commentedThe tests are failing because it is expecting
protected function setUp(): void
in line 38 oftests/src/Functional/Plugin/Commerce/CheckoutPane/EmailRegistrationLoginTest.php
.Not sure if that addition should be included on this patch as the tests are extending "commerce" test base classes.
The dependencies on the new file should be exactly the same ones. As we are extending the core.auth via a plugin I am not sure that we need to set them up again.
Comment #19
fjgarlin CreditAttribution: fjgarlin commentedTrying to reroll the patch with the previous fix on the test file to see if it runs the tests. I could reproduce the issue of the test runner locally, then applied the patch, and all the tests ran sucessfully.
Note that this patch is the evolution of #5, not #2.
Comment #20
Kojo Unsui CreditAttribution: Kojo Unsui commentedPatch #2 is working properly in D9.2.7, tested in Next Auth authentication context. Great !
Comment #21
z3cka CreditAttribution: z3cka commentedPatch from #19 works like a charm on Drupal 9.3.2 in tandem with email_registration module. Thank you all so much for your work on this!
Comment #22
man-1982 CreditAttribution: man-1982 as a volunteer commentedPatch #2 work perfect for simple_oauth Drupal 9.3.3.
Thanks a.dmitriiev
Comment #23
andypostNW for remarks and still no test added, the overriden
UserAuth
needs better explanation (in code comments) why we need to override itthis method should use @inheritdoc as defined in
\Drupal\user\UserAuth::authenticate()
this change is unrelated and fixed via #3228033: Update the EmailRegistrationLoginTest to match the parent CommerceBrowserTestBase class.
Comment #25
fjgarlin CreditAttribution: fjgarlin commentedI opened an MR with the changes. I addressed the feedback and added a test that bypasses the login form (that this module alters) via http request to check that login with both username and mail does work. I extended core tests and added comments where appropriate.
Marking as need review again.
Comment #26
z3cka CreditAttribution: z3cka commentedI just want to thank @fjgarlin for the latest changes in MR!3, I've tested this MR with Drupal 9.3.21 and it works great. Cheers!
Comment #27
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedThis would be a great feature for 2.x! Thanks a lot, I'll see if I can squeeze in some time the next couple of weeks! :)
Comment #28
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedComment #29
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedComment #30
AnybodyNeeds a reroll for 2.x, please. Then we can proceed.
Comment #33
fjgarlin CreditAttribution: fjgarlin commented@Cryt1c - no need to create a new MR. The only difference is
$query->accessCheck(TRUE);
.You can collaborate in https://git.drupalcode.org/project/email_registration/-/merge_requests/3
A new MR would make sense if the approach is completely different, but not if it's the same.
Comment #35
Cryt1c CreditAttribution: Cryt1c as a volunteer commented@fjgarlin thanks for the info. I had some issues with pushing before. Now it worked and I have added my commit to your MR.
Comment #36
fjgarlin CreditAttribution: fjgarlin commentedPerfect! Thanks for helping with the issue.
Comment #37
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedI guess, this can go back to "Needs review"?
Comment #38
ptmkenny CreditAttribution: ptmkenny commentedComment #39
andypostneeds to add strict types
Comment #40
andypostFixed my feedback
Comment #42
andypostcreated https://www.drupal.org/project/email_registration/releases/2.0.0-rc5
Comment #43
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedThank you, @andypost! I didn't find the time to review this!