BitShares Forum

Other => Graveyard => Marketplace => Topic started by: bytemaster on July 23, 2014, 09:43:29 pm

Title: Simple Machines BitShares X Login Plugin
Post by: bytemaster on July 23, 2014, 09:43:29 pm
I would like to see a plugin for Simple Machines that allows users to sign up and login to any Simple Machines forum using our ID system.

https://github.com/BitShares/bitshares_toolkit/wiki/BitShares-XT-Login
Title: Re: Simple Machines BitShares X Login Plugin
Post by: gamey on July 23, 2014, 10:06:38 pm

I'll do this.  If someone else has a burning desire though, please tell me so I don't waste my time.
Title: Re: Simple Machines BitShares X Login Plugin
Post by: bytemaster on July 23, 2014, 10:11:51 pm

I'll do this.  If someone else has a burning desire though, please tell me so I don't waste my time.

+1
Title: Re: Simple Machines BitShares X Login Plugin
Post by: cass on July 23, 2014, 11:10:31 pm
wow :) yes go for it pls
Title: Re: Simple Machines BitShares X Login Plugin
Post by: gamey on August 01, 2014, 10:32:50 am
SMF has a ton of support for bridges etc on their support site but I don't think they'll fit so well.  The main problem is people already have accounts and allowing people to login to existing accounts can't happen without a setting change..  I am also not sure this scheme will readily fit within the confines of a normal plugin.  I will have to make a custom query for the alternative login.

My solution - Add a new text field to each user labelled something like "Bitshares X allowed login name"

This will be blank for existing accounts by default meaning someone can not use Bitshares X to login to that account.  Once the user changes this to a registered name  then the owner of that registered name will be able to login to SMF.

Likewise, if someone tries to login via Bitshares X to a non-existant name then they will be sent to the new user page.  The idea is to force them to create an account with some sort of password so they can login later.  The other option is to skip the new user creation page, but then they'll never be able to login outside of Bitshares X without creating a password.  (And I am not sure how much code is required to have accounts with no passwords.)

So this allows existing accounts to start using BitShares X and BitShares X users to create accounts.

The other main option is to just have a "allow BitShares X login" checkbox, but it isn't near as flexible.

Thoughts on this ?  Concerns?  I'm not sure if anyone will read it, but hopefully Toast/Bytemaster/the XTS authenticator guy might. 
Title: Re: Simple Machines BitShares X Login Plugin
Post by: Riverhead on August 01, 2014, 10:35:36 am
Eating our own dog food.  I love it.  +5%
Title: Re: Simple Machines BitShares X Login Plugin
Post by: xeroc on August 01, 2014, 11:16:30 am
Ist your proposal pretty much the same how platforms treat openid?

its like a common account with an openid tight to it ...

I like the idea .. pretty simple and well established with openid already
Title: Re: Simple Machines BitShares X Login Plugin
Post by: bytemaster on August 01, 2014, 12:10:10 pm
Set a default password for accounts created entirely from btsx.  The goal is single sign-on into eliminate the need for extra forms.   If the user would like to login without btsx X then they can set a password after their account has been created.   So by default you don't create accounts without passwords you just create accounts with really difficult random passwords that must be changed if user would like to login Without Btsx.


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Simple Machines BitShares X Login Plugin
Post by: gamey on August 01, 2014, 05:31:27 pm
@xeroc I have looked a little into openid but I don't really know how it is implemented.  It sounds like a good base.

BM - I considered putting in a default random password.  I am a little hesitant to create passwords as I'm not a cryptographer and would be worried about entropy source.  I also would be worried about users not writing it down etc. 

I think the best option is to print the password on the page, tell the user to write it down if they choose and then set the password field with it.  This would have to be more secure than coding around blank password fields, even if the entropy level isn't as high as a cryptographer might wish.
Title: Re: Simple Machines BitShares X Login Plugin
Post by: Riverhead on August 01, 2014, 05:43:44 pm
The users shouldn't need to write it down because if they're authenticated with their BTSX Id they don't need to use the password because they're already authenticated.
Title: Re: Simple Machines BitShares X Login Plugin
Post by: bytemaster on August 01, 2014, 06:18:38 pm
@xeroc I have looked a little into openid but I don't really know how it is implemented.  It sounds like a good base.

BM - I considered putting in a default random password.  I am a little hesitant to create passwords as I'm not a cryptographer and would be worried about entropy source.  I also would be worried about users not writing it down etc. 

I think the best option is to print the password on the page, tell the user to write it down if they choose and then set the password field with it.  This would have to be more secure than coding around blank password fields, even if the entropy level isn't as high as a cryptographer might wish.

Just use /dev/random or ask PHP to generate a private key and use the public key as the password.  That will give you a secure source of random data.  Alternatively, you can have a blank default password and not allow login to any account with a blank password.
Title: Re: Simple Machines BitShares X Login Plugin
Post by: gamey on August 01, 2014, 06:32:06 pm
The users shouldn't need to write it down because if they're authenticated with their BTSX Id they don't need to use the password because they're already authenticated.

This would be operating on the assumption they will always login from bitsharesX client or have it available if they are unauthenticated.  I am not sure I want that constraint.
Title: Re: Simple Machines BitShares X Login Plugin
Post by: Riverhead on August 01, 2014, 06:35:14 pm
The users shouldn't need to write it down because if they're authenticated with their BTSX Id they don't need to use the password because they're already authenticated.

This would be operating on the assumption they will always login from bitsharesX client or have it available if they are unauthenticated.  I am not sure I want that constraint.
Good points. I guess when I think of single sign on I think of logging into one application and then everything is pre-authenticated. However I can understand why that, as an only option, would be very undesirable in a web site people could log in to from anywhere.
Title: Re: Simple Machines BitShares X Login Plugin
Post by: bytemaster on August 01, 2014, 08:33:46 pm
The users shouldn't need to write it down because if they're authenticated with their BTSX Id they don't need to use the password because they're already authenticated.

This would be operating on the assumption they will always login from bitsharesX client or have it available if they are unauthenticated.  I am not sure I want that constraint.

That assumption is valid if they log in from BTSX... they can change their password to something they know if they want.