I’m working on an SSO implementation where I have to give access to a Drupal 7 site to external users authorized/authenticated by Oauth2. I’m struggling with the process of taking the supplied user information from the Oauth2 server and creating a drupal user from that.
As I understand the application flow
- Using an authorization grant flow, users are redirected to external oauth2 server for authentication, server responds with authorization code and scope
- Drupal 7 site takes authorization code and forms post for authorization token.
- Auth token is used to get user info.
- User info is processed from JSON, formatted to array, and then fed into user_external_login_register, success!
Looking at the documentation the user_external_login_register page it looks like the user object needs to be provided a password. What should that be since in an Oauth2 scenario the D7 client site shouldn’t have access to the user’s password?
It also looks like the two examples assume that some of the credentials are being supplied and processed by the user login form. In my case all of the credentials are being supplied by an API and no drupal form is being submitted. How do I shape this to my use needs? Or, do I need to create a second form that gets submitted programmatically?
Finally, the native user base has many required fields to register and required admin approval on registration. I don’t need that info for the external users, and the users don’t need to be approved, they should just get logged in.
In theory, there are two general login flows. The first is a self-initiated authentication against the Oauth2 server; the second the user is redirected and authenticated from the partner organization site. Either way, my logic begins when the auth code get provided to the site.
✓ Extra quality
ExtraProxies brings the best proxy quality for you with our private and reliable proxies
✓ Extra anonymity
Top level of anonymity and 100% safe proxies – this is what you get with every proxy package
✓ Extra speed
1,ooo mb/s proxy servers speed – we are way better than others – just enjoy our proxies!
USA proxy location
We offer premium quality USA private proxies – the most essential proxies you can ever want from USA
Our proxies have TOP level of anonymity + Elite quality, so you are always safe and secure with your proxies
Use your proxies as much as you want – we have no limits for data transfer and bandwidth, unlimited usage!
Superb fast proxy servers with 1,000 mb/s speed – sit back and enjoy your lightning fast private proxies!
99,9% servers uptime
Alive and working proxies all the time – we are taking care of our servers so you can use them without any problems
No usage restrictions
You have freedom to use your proxies with every software, browser or website you want without restrictions
Perfect for SEO
We are 100% friendly with all SEO tasks as well as internet marketing – feel the power with our proxies
Buy more proxies and get better price – we offer various proxy packages with great deals and discounts
We are working 24/7 to bring the best proxy experience for you – we are glad to help and assist you!