Recently, I’ve been looking at OAuth again. When, in the past, I was checking our Drupal, I had this general OAuth plugin. Just enter the protocol version, urls, client id and secret, and you could use any OAuth provider.
I have been looking for something simular for WordPress, but it doesn’t appear to exist. There exist some plugins specific to a website,
There are plugins line Gigyas and Janrain, which require you to sign up at their site. I don’t trust those kind of services, introducing another party in the login process, which, if compromised, could harm both the user and the website. Depending on a third party to authenticate your users is one thing, but letting a fourth party nagotiate between you and the third party is just asking for trouble if you ask me.
Last time I looked at OAuth, it seemed to me Facebook was the only service using OAuth 2.0. Nowadays, a higher number of services is using the 2.0 version of the protocol. Even Microsoft has adapted to this protocol, depricating it’s proprietary protocols it used when it was still called a Passport account. I know it was a long time ago when it was called this, but still, since when does Microsoft actually use standards (without raping them)?
Anyways… since there doesn’t appear to exist an universal OAuth solution for WordPress, I intent to make such a plugin. I think I’ll base it upon the oauth php library by Manuel Lemos. This library implements OAuth 1.0, 1.0a and 2.0. (For 2.0 some sites might use earlier drafts, not sure if this becomes problematic.) The source code is released under the 3 clause BSD license, so it could be used without a problem. I intend to create WordPress bindings for this library. So, I’ve been looking at the WordPress plugin API as well.
Well… I’m just getting some ideas ;)
P.S. When you think about using OAuth with Twitter, back then, and right now, I’m noticing the problem with the callback URL. You have to specify the callback URL at the application settings at their site.
I am the developer of the only known OAuth 2.0 provider plugin in the WP repo (or at least in english!). I built the plugin using the OAuth 2.0 Draft 20 as a guide. You can find it here: http://wordpress.org/plugins/oauth2-provider/
Good luck and if you are looking to join forces, I am looking to expand the project and could use some more hands.
Sorry for not replying earlier.
I have been busy with other things and had my OAuth plugin project on hold for a while.
However, I have picked it up again. I am currently developing an online version of the Tuintopia game. An online demo is available. Currently, the idea is to implement authentication with Facebook and Twitter, and enable posting of (high)scores. Other features are also planned, but will be announced at a later time.
The OAuth plugin will be released as soon as it is feature-complete.
Joining forces sounds interesting, but currently I don’t know if I have enough time to add yet another project to my todo-list. However, I will take a look at your plugin and keep it in mind.
Hi
Have you got any progress with this idea?
I’m in similar situation as I need plugin for wordpress where I can set details of OAuth-provider so that users can log in with that (and maybe force user to use only that).
I had the project on hold, but I am currently working on it again.
At the moment I am working on linking/unlinking accounts and registration.
I have pushed a new update to the OAuth 2.0 Server for WordPress that supports almost all grant types. You can find it here: http://wp-oauth.com.
andre,
The OAuth 2.0 project could use another developer ;). Shoot me an email.