Distributed Authentication - LiveJournal
THEMike - January 11, 2005 - 19:41
User management
User authentication - Users can register and authenticate locally or using an external authentication source like Jabber, Blogger, LiveJournal or another Drupal website. For use on an intranet, Drupal can integrate with an LDAP server.
OK, so how do I authenticate against blogger and livejournal? I've installed a stock 4.5.1 install on my test server and enabled the drupal module, I can login to my server with THEMike and THEMike@www.drupal.org but not themike@www.blogger.com or eyeh8u@www.livejournal.com. Is this just saying "It could be made possible" or have I missed something obvious or less obvious?
Cheers.
Jabber, Blogger, and
Jabber, Blogger, and LiveJournal authentication are no longer supported. That description of user management is also, sadly, outdated.
It would be relatively simple to (re)create the other authentication modules if someone were interested in coding them.
Well blogger and LiveJournal
Well blogger and LiveJournal I could take a look at, if I decided to move forward with Drupal. I've got a test instance up to look it over and figure it out. I'm assuming that the problem with the original code is the way it's hooked into Drupal rather than the way it authenticates with LJ/Blogger/Jabber? Could you point me at where I Can find the original code to do that?
It will likely be in the CVS
It will likely be in the CVS Attic somewhere, and/or look back at much older (4.3?) versions of Drupal.
Basically, the old code never got updated, since no one was maintaining it. It may very well be that the external services have changed as well.
I've done it. And got CVS
I've done it.
And got CVS Contributor access, and am currently mailing drupal-dev for review.
but...
> LiveJournal authentication are no longer supported
Oh that is a shame... But there is still a LIveJournal module. It is rather confusing for a newbie to come across it.
I was also wondering about security because it would presumably be very easy to steal user's LJ passwords....
Nobody's going to enter
Nobody's going to enter their LJ password into a non-LJ site unless they trust that site (well, nobody with a clue about security). That said, the drupal site wouldn't need to store the LJ password anywhere if it were only used for authentication purposes. Sniffing them off of the network wouldn't be any more difficult for a site using drupal than it would using LJ.
BTW,
LJ supports the Blogger API. Correction, they *did* support it, but they seem to have abandoned it in favor of ATOM (and here), which people appear to be using.That said, the drupal site
Drupal caches the MD5 hash of the password entered to allow users to authenticate localy to avoid calling out to remote pages all the time. This MD5 hash can be used DIRECTLY to login via the LiveJournal API using the hpassword construct. So, you should never use your livejournal account on a drupal instance you don't trust 100%.
LJ does still support the blogger API, as well as their own API and Atom. I use the blogger API instance from my blogger client.
LiveJournal authentication
LiveJournal authentication is no longer supported as "stock" in a vanilla Drupal 4.5.x release. As noted when people replied to me.
I wanted the functionality, and the API for developers in Drupal allows you to write an authentication module, so I wrote the LiveJournal module you mention. This allows you to restore that functionality, but it's a "contributed" module not a "core" module.
So it's not supported in a vanilla drupal release, as the documentation might lead you to believe, but there is a module you can add to enable that authentication in your drupal site.
I have also written a bloggerauth module, but not yet got a project set up for it.
Any plans for 4.6?
Despite the skepticism expressed above, I have quite a few LJ members on my site. Since the upgrade to 4.6, I fear they've been locked out and cannot access their user pages. I went ahead and just tossed in the 4.5.x version of the livejournal.module, but as I am not an LJ member I cannot test to see if it's working. Is there an upgrade in the works, or will the 4.5 version function just fine? Just wondering! :D
--
mediagirl.org
LJ now supports OpenId. I
LJ now supports OpenId. I think this might make sense to pursue for a 4.6 version instead of something LJ-specific. Or, at least, any LJ-specific code could work ontop of the OpenId framework.
BTW, I just logged into mediagirl.org using my LJ credentials. It seems to be functioning there.
Excellent and excellent
Thanks for checking. Much appreciated! Maybe someone could tag the module as okay for 4.6 as-is?
OpenID sounds great, too, and an excellent addition to Drupal, should it happen.
--
mediagirl.org
Great
I put some work into yet another implementation of an LJ auth module, though it's far more complicated than the one tagged for 4.5, and far less likely to work on 4.6. I think that the current 4.5 version should be tagged for 4.6, since it is most likely compatible (it does appear to be working for you, right?).