Drupal 8 Authentication Drupalcamp London 2014 Juan Pablo Novillo Requena (juampy)


http://2014.drupalcamplondon.co.uk/drupalcamp-london-2014/session/authentication-drupal-8


Page 1: Drupal 8 Authentication

Drupal 8 Authentication

Drupalcamp London 2014

Juan Pablo Novillo Requena (juampy)

Page 2: Drupal 8 Authentication

About me, @juampy72

Maintainer of OAuth, Twitter, Devel, Basic Auth...

Developer at Lullabot

Page 3: Drupal 8 Authentication

Let's start by defining authentication and authorization

Page 4: Drupal 8 Authentication

Authentication

Page 5: Drupal 8 Authentication

Authentication

Who the hell are you?

Page 6: Drupal 8 Authentication

Authorization

403

Dude, what the hell do you think you are doing here?

Page 7: Drupal 8 Authentication

In detail: Authentication in Drupal 8

Drupal 8 incorporates a Modular Authentication System.

Different Authentication Providers can authenticate a user out of a given request.

Page 8: Drupal 8 Authentication

Core's built-in auth providers

Cookie - default one. Returns authenticated or anonymous user depending on the presence of a cookie.

Basic Auth - checks if user name & password are in the request headers and finds a user.

Page 9: Drupal 8 Authentication

How does it work?

Page 10: Drupal 8 Authentication

Client request:

/latest-news
Authorization: Basic pvcGVuIHNlc2ZQ==

Server:

1. Drupal bootstraps.
2. The Authentication Manager receives $request and checks the providers: Basic auth.apply(), Cookie.apply().
3. $request goes to Basic Auth.authenticate(), which returns $user.
4. Access Controllers (EntityaccessController, MenuAccessController...).
5. Build response.

Response: OK 200

- Drupalcamp London is a total success
- Inebriated Drupal geeks swimming in Trafalgar Square were arrested... TRUE

Page 12: Drupal 8 Authentication

Example: Basic Authentication class

First step, check if we can authenticate

Next: attempt to authenticate a user

Page 13: Drupal 8 Authentication

Basic authentication service

This tag makes the service load automatically

Cookie auth provider has a priority of 0, so this provider will kick in earlier.

Page 14: Drupal 8 Authentication

Loading authentication providers

Load services tagged as 'authentication'

The priority flag determines the order in which they are called
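The provider flow from the slides above (sort by priority, ask each provider whether it applies, let the first match authenticate) as a stand-alone model. This is an added example, not code from the talk or from Drupal core; the class and function names, the priority of 100 for Basic Auth, and the sample users and sessions are assumptions constructed for illustration.

```php
<?php
// Added illustration: a stand-alone model, not Drupal core code.
// All names, priorities and sample credentials below are assumptions.
interface AuthProvider {
    public function applies(array $headers): bool;          // can we authenticate this request?
    public function authenticate(array $headers): ?string;  // user name, or null on failure
}
final class BasicAuthProvider implements AuthProvider {
    /** @param array<string,string> $hashes user name => password_hash() output */
    public function __construct(private array $hashes) {}
    public function applies(array $headers): bool {
        return stripos($headers['Authorization'] ?? '', 'Basic ') === 0;
    }
    public function authenticate(array $headers): ?string {
        $raw = base64_decode(substr($headers['Authorization'], 6), true);
        if ($raw === false || !str_contains($raw, ':')) {
            return null; // malformed credentials are rejected, never guessed at
        }
        [$name, $pass] = explode(':', $raw, 2); // the password may itself contain ':'
        $hash = $this->hashes[$name] ?? null;
        return ($hash !== null && password_verify($pass, $hash)) ? $name : null;
    }
}
final class CookieProvider implements AuthProvider {
    /** @param array<string,string> $sessions cookie value => user name */
    public function __construct(private array $sessions) {}
    public function applies(array $headers): bool { return true; } // default provider
    public function authenticate(array $headers): ?string {
        return $this->sessions[$headers['Cookie'] ?? ''] ?? null;
    }
}
/** @param array<int,AuthProvider> $providers keyed by priority */
function authenticateRequest(array $providers, array $headers): string {
    krsort($providers); // highest priority is asked first
    foreach ($providers as $provider) {
        if ($provider->applies($headers)) {
            // In this model the first applicable provider decides: a failed
            // Basic login does not fall through to the session cookie.
            return $provider->authenticate($headers) ?? 'anonymous';
        }
    }
    return 'anonymous';
}

$providers = [
    0   => new CookieProvider(['SESSabc' => 'editor']),
    100 => new BasicAuthProvider(['juampy' => password_hash('s3cret', PASSWORD_DEFAULT)]),
];
$basic = ['Authorization' => 'Basic ' . base64_encode('juampy:s3cret')];
echo authenticateRequest($providers, $basic), "\n";                  // valid Basic credentials
echo authenticateRequest($providers, ['Cookie' => 'SESSabc']), "\n"; // cookie only
echo authenticateRequest($providers, ['Authorization' => 'Basic !!!', 'Cookie' => 'SESSabc']), "\n"; // bad Basic header
```

The third request carries a valid session cookie next to a malformed Basic header and still resolves to the anonymous user, which is the behaviour to check for when stacking providers by priority.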

Page 15: Drupal 8 Authentication

Authenticate an existing Route

https://github.com/juampy72/drupal_friendly_support

Module friendly_support

Makes it impossible for clients to make a complaint by adding HTTP authentication to /contact

Next: steps on how it works.

Page 16: Drupal 8 Authentication

1. Define our RouteSubscriber

A provider may be a module name. A collection, the routes it defines.

Here is where we alter the route.

Page 17: Drupal 8 Authentication

2. Define our class as a service

● Add the event_subscriber tag.
● RouteSubscriberBase takes care of the rest.

Page 18: Drupal 8 Authentication

3. Enable it and open /contact

Page 19: Drupal 8 Authentication

Authenticate a custom Route

Allowed methods: Basic Authentication

We just need an authenticated user. No extra permissions are needed.

Page 20: Drupal 8 Authentication

Authenticate a REST resource

Recommended read: REST: exposing data as RESTful web services

REST UI module lets you set authentication through the admin interface.

Page 21: Drupal 8 Authentication

Authenticate a view

Page 22: Drupal 8 Authentication

Authenticate a view

I have no idea

Page 23: Drupal 8 Authentication

How to help?

● Add flood support to basic_auth.
● Circular reference error on a REST request
● Remove basic_auth from core
● OAuth2?
● Any other authentication providers?
    ○ Digest Authentication
    ○ IP based authentication

Page 24: Drupal 8 Authentication

Thanks! Questions?

about.me/juampy

@juampy72