Drupal 8 Authentication

http://2014.drupalcamplondon.co.uk/drupalcamp-london-2014/session/authentication-drupal-8

Published in: Technology

  1. Drupal 8 Authentication. Drupalcamp London 2014. Juan Pablo Novillo Requena (juampy)
  2. About me: @juampy72. Maintainer of OAuth, Twitter, Devel, Basic Auth... Developer at Lullabot.
  3. Let's start by defining authentication and authorization
  4. Authentication
  5. Authentication: Who the hell are you?
  6. Authorization: 403. Dude, what the hell do you think you are doing here?
  7. In detail: Authentication in Drupal 8. Drupal 8 incorporates a Modular Authentication System. Different Authentication Providers can authenticate a user out of a given request.
  8. Core's built-in auth providers. Cookie: the default one. Returns an authenticated or anonymous user depending on the presence of a cookie. Basic Auth: checks if user name & password are in the request headers and finds a user.
  9. How does it work?
  10. Client: Request /latest-news with the header "Authorization: Basic pvcGVuIHNlc2ZQ==". Server: Drupal bootstraps. $request goes to the Authentication Manager (Basic auth.apply(), Cookie.apply()). $request goes to Basic Auth.authenticate(), which gives $user. Access Controllers (EntityaccessController, MenuAccessController...) return TRUE. Build response. Response: OK 200 - Drupalcamp London is a total success - Inebriated Drupal geeks swimming in Trafalgar Square were arrested ...
  11. Same diagram as slide 10.
  12. Example: Basic Authentication class. First step: check if we can authenticate. Next: attempt to authenticate a user.
  13. Basic authentication service. This tag makes the service load automatically. Cookie auth provider has a priority of 0, so this provider will kick in earlier.
  14. Loading authentication providers. Load services tagged as 'authentication'. The priority flag is used to sort the order in which they will be called.
  15. Authenticate an existing Route. https://github.com/juampy72/drupal_friendly_support Module friendly_support: makes it impossible for clients to make a complaint by adding HTTP authentication to /contact. Next: steps on how it works.
  16. Step 1: Define our RouteSubscriber. A provider may be a module name. A collection, the routes it defines. Here is where we alter the route.
  17. Step 2: Define our class as a service. Add the event_subscriber tag. RouteSubscriberBase takes care of the rest.
  18. Step 3: Enable it and open /contact
  19. Authenticate a custom Route. Allowed methods: Basic Authentication. We just need an authenticated user. No extra permissions are needed.
  20. Authenticate a REST resource. Recommended read: REST: exposing data as RESTful web services. REST UI module lets you set authentication through the admin interface.
  21. Authenticate a view
  22. Authenticate a view: I have no idea
  23. How to help? Add flood support to basic_auth. Circular reference error on a REST request. Remove basic_auth from core. OAuth2? Any other authentication providers? (Digest Authentication, IP based authentication)
  24. Thanks! Questions? about.me/juampy @juampy72
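
The provider chain from slides 10 to 14, as an added example rather than code from the deck or from Drupal core (it needs PHP 8): providers are sorted by priority, applies() selects one, and authenticate() maps the request to a user. The class names, the array-shaped request, the priority of 100 for Basic Auth, and the rule that the first applicable provider decides are assumptions made for this sketch.

```php
<?php
// Simplified stand-ins for the provider chain; not Drupal's own classes.
interface AuthProvider {
  public function applies(array $request): bool;
  public function authenticate(array $request): ?string; // user name or null
}
class BasicAuthProvider implements AuthProvider {
  public function __construct(private array $hashes) {}
  public function applies(array $request): bool {
    // Cheap check only: is a Basic Authorization header present?
    return stripos($request['headers']['Authorization'] ?? '', 'Basic ') === 0;
  }
  public function authenticate(array $request): ?string {
    $raw = base64_decode(substr($request['headers']['Authorization'], 6), true);
    // Malformed credentials never match a user.
    if ($raw === false || !str_contains($raw, ':')) { return null; }
    [$name, $pass] = explode(':', $raw, 2); // a password may contain ':'
    $hash = $this->hashes[$name] ?? null;
    return ($hash !== null && password_verify($pass, $hash)) ? $name : null;
  }
}
class CookieProvider implements AuthProvider {
  public function __construct(private array $sessions) {}
  public function applies(array $request): bool { return true; } // default
  public function authenticate(array $request): ?string {
    return $this->sessions[$request['cookies']['SESS'] ?? ''] ?? null;
  }
}

function authenticate_request(array $request, array $tagged): string {
  // $tagged holds [priority, provider] pairs; higher priority is asked first.
  usort($tagged, fn($a, $b) => $b[0] <=> $a[0]);
  foreach ($tagged as [, $provider]) {
    if ($provider->applies($request)) {
      // Assumption: the first applicable provider decides the outcome.
      return $provider->authenticate($request) ?? 'anonymous';
    }
  }
  return 'anonymous';
}

// Constructed sample data: one session cookie, one password hash.
$providers = [
  [0, new CookieProvider(['abc123' => 'editor'])],
  [100, new BasicAuthProvider(['juampy' => password_hash('s3cret', PASSWORD_DEFAULT)])],
];
$basic = ['headers' => ['Authorization' => 'Basic ' . base64_encode('juampy:s3cret')], 'cookies' => []];
$cookie = ['headers' => [], 'cookies' => ['SESS' => 'abc123']];
echo authenticate_request($basic, $providers), "\n";
echo authenticate_request($cookie, $providers), "\n";
```

The sketch has no limit on failed attempts, which is the flood support that slide 23 lists as still missing from basic_auth.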
