Kademi supports creating and linking profiles with OAuth 2 providers like Facebook and Google, You can also use most 3rd-party OAuth 2 authentication providers.
Here is how the workflow works:
1: A user visits a Kademi site and click a "Log me in with {Provider name}"
2: Kademi get's the authentication URL, ClientId, Scope and redirect URL that has been setup for the provider and redirects the user to the authentication URL with the details, e.g.
-
https://graph.facebook.com/oauth/authorize?client_id={your_client_id}&redirect_uri={your_url}&response_type=code&state={Base64 encoded data from Kademi}
3: The user logs in into the site (if they haven't already) and gives Kademi permission to access some information on the account (defined by the Scope)
4: The OAuth 2 server then redirects the user to the supplied URL with an authorization token
https://www.yourdomain.com/oauth?code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&state={Base64 encoded data from Kademi}
5: Kademi uses the token to login to the OAuth server and get an access token
6: With the access token Kademi can retrieve details from the OAuth server about the user like email address and user id.
7: The access token get's linked to a user for future logins.
To setup a provider for OAuth 2 follow these steps:
1: Login to your Kademi admin portal
2: Navigate to Website manager -> Applications
3: Search for "Social Media Login" and turn it on if it's not already
4: Open the settings and select "Add a provider"
5: You can either select a template e.g. Facebook or you can add a custom provider
6: Enter the required details e.g. Client ID and Client Secret
7: Set the Redirect URL, it has to point to /oauth in a full url e.g. http://www.mydomain.com/oauth
8: Click "Add Provider" and you will see the provider has been added
9: Ensure the app is turned on for websites you want to use OAuth 2 with. You can specify providers at the website level as well.
For setting up a custom provider, you will need to provide the following details:
- Client ID
- Client Secret
- Authentication URL - This is the URL the user get's sent to by Kademi to login
- Token URL - This is the URL used by Kademi to get an access token from the authorization token
- Profile URL - This is the URL used to get details about the user e.g. user id, email address
- Scope - a list of permissions Kademi requires to access the email address and user id
After this has been setup users will be able to register and login using OAuth 2 providers, allowing users to use their existing accounts like Facebook and Google to access Kademi websites.