Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Who fills out username / password fields these days? :) Could we get hybridauth in core please? :)
Comments
Comment #2
giorgio79 CreditAttribution: giorgio79 commentedComment #3
Wim LeersWould this tie Drupal core to closed-source externally hosted APIs? We've never done that before.
Comment #4
giorgio79 CreditAttribution: giorgio79 commentedI guess API first could go both ways :) We've never done a lot of things before that we now do with D8. We can agree that the way the world goes is one click single sign, right? But the whole concept of identity is the deepest rabbit hole on the web, and has very deep philosophical perspectives not just code wise. I assume FB and Google use it to gauge what their users use the most, and exploit that data. Drupal missed out on such an opportunity, and the biggies will chip away on content features in the long run (eg FB groups, stackoverflow discussions etc etc). What is left is falling in line and letting the users have their way.
Comment #5
hampercm CreditAttribution: hampercm at Acquia commentedI'd be very reluctant to see HybridAuth included in core because of its dependency on third-party services, which are typically closed. This doesn't feel in keeping with the spirit of Drupal. Yes, the allure of one-click logins is nice, but it comes with the risk of giving access to your site away to a third-party, which could theoretically abuse that access. Adding such a feature to core would expose many more users to this risk, of which they may not even be aware.
Keeping HybridAuth as a Contrib module would be my vote.
Comment #6
giorgio79 CreditAttribution: giorgio79 commentedAh the security card. Well, anything can be insecure. From your webserver to your password. Come on :)
Comment #7
tim.plunkettI do. You use FB/Google as your auth provider? Yikes.
[citation needed]
Vote for a won't fix.
Comment #8
borisson_I do, I avoid using auth providers a much as possible.
I agree with @tim.plunkett that we shouldn't include this in core.
Comment #9
giorgio79 CreditAttribution: giorgio79 commentedAre you guys representative of the average web user? I guess we can safely say, you are not the target audience :)
Comment #10
David Hernández CreditAttribution: David Hernández at Gizra commentedDrupal is GPL. GPL is a bit more than just opening the source. GPL is about freedom. Even if the HybridAuth is free software, it does not follow the Free Software spirit, as it relies on third party services that forces the user to use specific services. Services of companies with their own private agendas, that might affect Drupal without Drupal being able to do anything at all.
So, if anyone wants to restrict the usage of it's site to certain login services, they are free to do it. For that, HybridAuth should be a contrib.
But, I don't want to restrict all the Drupal final users to use those services nor I want to make easier the expansion of those private companies making easier to force the usage of their login services. For those reasons, HybridAuth should not be a core module.
For me, this is a won't fix.
Comment #11
giorgio79 CreditAttribution: giorgio79 commented@David Hernandez "that forces the user to use specific services" Noone is forcing anybody to use FB or Google :)
So, the devs here prefer to wait for an open source identity service that will topple FB and Google? OpenID meant to do that IMHO... Anyways, it well could be that Drupal will have an email / password field for user login until Singularity :)
Comment #12
giorgio79 CreditAttribution: giorgio79 commentedAh, as I come to think of it the emails that users use to register are provided by closed source providers as well no (gmail, yahoo etc)? :P So, why not just have a plain text field for username on the register / login form...Your closed source argument is a bit hypocritical after a deeper look.