OAuth 2

Blank 9/10/2019 06:43 - 9/10/2019 06:43

Kademi supports creating and linking profiles with OAuth 2 providers like Facebook and Google. You can also use most 3rd-party OAuth 2 authentication providers.

Here is how the workflow works:

1: A user visits a Kademi site and clicks "Log me in with {Provider name}"

 

2: Kademi gets the authentication URL, ClientId, Scope and redirect URL that have been set up for the provider and redirects the user to the authentication URL with those details, e.g.

  • https://graph.facebook.com/oauth/authorize?client_id={your_client_id}&redirect_uri={your_url}&response_type=code&state={Base64 encoded data from Kademi}
    

3: The user logs in to the provider's site (if they haven't already) and gives Kademi permission to access some information on the account (defined by the Scope)

 

 

4: The OAuth 2 server then redirects the user to the supplied URL with an authorization token

https://www.yourdomain.com/oauth?code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&state={Base64 encoded data from Kademi}

5: Kademi uses the token to log in to the OAuth server and get an access token

6: With the access token Kademi can retrieve details from the OAuth server about the user like email address and user id.

7: The access token gets linked to a user for future logins.
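
Steps 2 and 4 above, as an added example that is not Kademi's code: it builds the redirect URL and checks the callback before the code is exchanged. This page does not say how Kademi protects its state value, so the HMAC-signed state format, the provider URL, the client ID and the session IDs here are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; none of these come from Kademi.
AUTH_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://www.yourdomain.com/oauth"
STATE_KEY = secrets.token_bytes(32)  # server-side secret used to sign state


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def sign(payload: str) -> str:
    return b64(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest())


def make_state(session_id: str, return_to: str) -> str:
    """Base64 payload plus an HMAC tag, so the callback can detect tampering."""
    payload = b64(json.dumps({"sid": session_id, "return_to": return_to}).encode())
    return f"{payload}.{sign(payload)}"


def authorization_url(state: str, scope: str = "email") -> str:
    """Step 2: the URL the user's browser is redirected to."""
    query = urlencode({"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                       "response_type": "code", "scope": scope, "state": state})
    return f"{AUTH_URL}?{query}"


def handle_callback(callback_url: str, session_id: str) -> str:
    """Step 4: return the code only if state is authentic and bound to this session."""
    params = parse_qs(urlsplit(callback_url).query)
    code = params.get("code", [""])[0]
    payload, _, tag = params.get("state", [""])[0].partition(".")
    if not code or not hmac.compare_digest(tag.encode(), sign(payload).encode()):
        raise ValueError("missing code or tampered state")
    data = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if not hmac.compare_digest(data["sid"].encode(), session_id.encode()):
        raise ValueError("state was issued to a different session")
    return code  # step 5 sends this to the Token URL together with the client secret
```

A callback that fails either check should be dropped without contacting the Token URL, since it did not originate from a login this session started.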
 

To set up a provider for OAuth 2 follow these steps:

1: Log in to your Kademi admin portal

2: Navigate to Website manager -> Applications

3: Search for "Social Media Login" and turn it on if it's not already

4: Open the settings and select "Add a provider"

5: You can either select a template e.g. Facebook or you can add a custom provider

6: Enter the required details e.g. Client ID and Client Secret

7: Set the Redirect URL. It must be a full URL that points to /oauth, e.g. http://www.mydomain.com/oauth

8: Click "Add Provider" and you will see the provider has been added

9: Ensure the app is turned on for websites you want to use OAuth 2 with. You can specify providers at the website level as well.

For setting up a custom provider, you will need to provide the following details:
 

  • Client ID
  • Client Secret
  • Authentication URL - This is the URL the user gets sent to by Kademi to log in
  • Token URL - This is the URL used by Kademi to get an access token from the authorization token
  • Profile URL - This is the URL used to get details about the user e.g. user id, email address
  • Scope - a list of permissions Kademi requires to access the email address and user id

 

After this has been set up, users will be able to register and log in using OAuth 2 providers, allowing them to use their existing accounts like Facebook and Google to access Kademi websites.