Authentication in Drupal 8
Juampy Novillo Requena
DrupalCamp Spain 2014
About me, @juampy72
Drupal 7 and 8 module maintainer and core developer
Developer at Lullabot
Let's start by defining
Authentication and Authorization
Authentication
Show me your ID, sucker!
Authorization
403
None shall pass!!
As the Symfony book states...
http://symfony.com/doc/current/book/security.html
Authentication in Drupal 8
Drupal 8 implements a Modular Authentication System.
Different Authentication Providers may extract a Drupal $user out of a given $request.
Auth Providers in core
Cookie
Returns authenticated or anonymous user depending on the presence of a cookie.
Basic Auth
Checks if user & password are in the request headers and finds a matching user in the DB.
Basic Auth example
php > print base64_encode('test:test');
Cookie auth example
1. Obtain a cookie for a Drupal user.
2. Add the cookie id to the request.
https://drupal.org/node/2076725
Auth Providers in contrib: OAuth
Supports OAuth 1.0a protocol (Twitter, Flickr).
No support for OAuth2 (Facebook) yet :-(
Will be implemented in OAuth2 Server
OAuth setup
OAuth example request
REQUEST
RESPONSE
https://drupal.org/project/guzzle_oauth
How does it work?
Client
Request
/latest-news
Authorization: Basic pvcGVuIHNlc2ZQ==
Server
Drupal bootstraps
Authentication Manager
$request
- Basic auth.apply()
- Cookie.apply()
$request
Basic Auth.authenticate()
$user
Access Controllers
(EntityAccessController, MenuAccessController...)
Build
response
OK 200
- DrupalCamp Spain is a total success!
- David Hernández scares the shit out of a bunch of kids with his Darth Vader's hoarse throat
- Álvaro Hurtado disappointed the audience by
not doing a striptease
TRUE
AUTHENTICATION
AUTHORIZATION
Example: Basic Authentication class
Quick check to see if we can authenticate
If the above is TRUE, proceed and attempt to extract a $user.
Basic authentication service
This makes the class discoverable. Higher priority means that it will try to authenticate before others
The Authentication Manager looks for services tagged as authentication_provider
Loading authentication providers
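A minimal model of the flow on the preceding slides (providers ordered by priority, `applies()` as the quick check, `authenticate()` to extract the user), added here as an example. It is plain PHP 8, not Drupal core code; the class names, the `SESS` cookie name, the priorities and the sample data are assumptions, as is the rule that the first provider that applies decides the user.

```php
<?php
// Simplified model of the flow on the slides, not Drupal core code; all names are hypothetical.
interface Provider {
  public function applies(array $request): bool;          // cheap check: credentials present?
  public function authenticate(array $request): ?string;  // user name, or null on failure
}
final class BasicAuthModel implements Provider {
  public function __construct(private array $hashes) {}   // user name => password hash
  public function applies(array $request): bool {
    return str_starts_with($request['headers']['Authorization'] ?? '', 'Basic ');
  }
  public function authenticate(array $request): ?string {
    $decoded = base64_decode(substr($request['headers']['Authorization'], 6), true);
    if ($decoded === false || !str_contains($decoded, ':')) {
      return null;                                         // malformed header: reject
    }
    [$name, $pass] = explode(':', $decoded, 2);            // a password may contain ':'
    $hash = $this->hashes[$name] ?? null;
    return ($hash !== null && password_verify($pass, $hash)) ? $name : null;
  }
}

final class CookieModel implements Provider {
  public function __construct(private array $sessions) {} // session id => user name
  public function applies(array $request): bool {
    return isset($request['cookies']['SESS']);
  }
  public function authenticate(array $request): ?string {
    return $this->sessions[$request['cookies']['SESS']] ?? null;
  }
}

// $providers is keyed by priority; the first provider that applies decides the user.
function resolveUser(array $providers, array $request): string {
  krsort($providers);                                      // higher priority is asked first
  foreach ($providers as $provider) {
    if ($provider->applies($request)) {
      return $provider->authenticate($request) ?? 'anonymous';
    }
  }
  return 'anonymous';
}

// Constructed sample data: user "test" with password "test", session "abc123".
$providers = [
  100 => new BasicAuthModel(['test' => password_hash('test', PASSWORD_DEFAULT)]),
  0 => new CookieModel(['abc123' => 'editor']),
];
$hdr = ['Authorization' => 'Basic ' . base64_encode('test:nope')];
echo resolveUser($providers, ['headers' => $hdr, 'cookies' => ['SESS' => 'abc123']]), PHP_EOL;
echo resolveUser($providers, ['cookies' => ['SESS' => 'abc123']]), PHP_EOL;
```

The first call prints `anonymous` even though a valid session cookie is present, because the higher-priority Basic provider claimed the request and its credentials failed; the second prints `editor`.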
Examples
http://hillsidek9academy.com/wp-content/uploads/2013/12/dog-training.jpg
Authenticate an existing route
friendly_support module
Makes it impossible to send support requests by adding HTTP authentication to the Contact form ;D
1. Extend RouteSubscriberBase
$provider is an identifier for a set of routes. Normally it is the module name.
Here is where we add authorization rules
2. Make the class a service
● Just add event_subscriber tag.
● RouteSubscriberBase takes care of the rest.
Change record
3. Install module and open /contact
We can do it from the route definition.
Authenticate a custom route
Allowed methods: Basic Authentication
This is part of Authorization: only authenticated users can access.
Authenticate a REST resource
Recommended read: REST: exposing data as RESTful web services
REST UI
REST UI offers site builders an interface to set up a REST API, including output formats and authentication.
Authenticate a view
Authenticate a view through code
Authenticate a view through the UI
https://drupal.org/node/2228141
Views authentication example
How to help?
● Add flood support to OAuth
● Implement more Auth Providers:
○ OAuth2
○ Digest Authentication
○ IP based authentication
Thanks! Questions?
about.me/juampy
@juampy72
