Social login has become common to every forum. Why don't we make it an inbuilt function of SMF 2.1? The most common logins through Google, Facebook and Twitter can be made part of it by default. Just a suggestion.
I would suggest it's because it opens potential security vulnerabilities, and that the primary focus is on making the forum stable with a few 'nice to have' basics (likes, mentions etc)
For 2.0.x there is already a mod - social login - that is excellent for what you are looking to achieve. https://custom.simplemachines.org/mods/index.php?mod=3580
I'd be VERY surprised if oneall (the software mob) don't keep it updated to be SMF 2.1 compatible. I'm confident they will. http://docs.oneall.com/plugins/guide/social-login-smf/
The other reason to NOT have a unique smf-only solution is that the system oneall has allows people to use the same log in for multiple forums and websites.
Please note that I am in no way connected with oneall. Personally I'm getting rid of my social and tapatalk mods altogether.
Cheers
Actually the reason isn't security, it's maintainability. The social providers change their APIs regularly, which means you'll have to update your forum more often, assuming the devs have time to keep up with the changes (remember, they're volunteers doing this in their spare time, not paid to look after it full time)
I for one, wouldn't use SMF if it came with a social sites login option out of the box. Even if I had the option to disable it, I would still switch platforms.
Ah so you're never, ever going to any of the paid platforms, nor to Discourse. Nor using Moodle for that matter.
Quote from: Arantor on July 06, 2018, 03:43:33 AM
Actually the reason isn't security, it's maintainability. The social providers change their APIs regularly, which means you'll have to update your forum more often, assuming the devs have time to keep up with the changes (remember, they're volunteers doing this in their spare time, not paid to look after it full time)
Does every social provider keep changing APIs? I was hoping to see the basic ones like Google, Twitter and Facebook.
They change their APIs regularly. I used to work for a platform that spent a lot of its life posting to social media and I had to make changes every few weeks.
Gigawatt,
Be careful of absolute statements like that.
It is unlikely that SMF will ever build a synced social login into the core for the reasons that Arantor indicates.
(also, it's theoretically less secure, since you could spoof someone's social account -- or once you hack the social account, you have access to every site they use social-sync logins)
but, saying "I would never use..." is a bit harsh and uninformed. If it was implemented, then just turn it off for your site. :P
And, Jack... yes - as Arantor says, they regularly change their API. It's a pain to deal with on personal sites, let alone on a platform level.
Quote from: Arantor on July 06, 2018, 10:20:26 AM
Ah so you're never, ever going to any of the paid platforms, nor to Discourse. Nor using Moodle for that matter.
Probably not... if they have features like social logins built in and even if there was no other free alternative, I'd rather spend 5 years developing my own software than to use that, that... whatever it is... because it's not a forum.
Quote from: Kindred on July 06, 2018, 12:18:45 PM
Be careful of absolute statements like that.
I meant what I said... and it's my choice, I'm not going against what I believe. If a question like this is raised, yes, I will be against it, but if SM does decide to implement this, I will be moving away from the platform.
I don't like having any code embedded in the software for my forum that is related to any social site, period. IMO, those sites are abominations that need to be wiped from the face of the earth. They serve no purpose except self promotion, laziness and gossip... one of humanity's worst personality traits.
On the other hand, if it was easier to completely remove the code from the software without having any negative impact on the software itself, than to switch platforms, in that case, yes, I would continue using SMF.
Actually, guess what? You shouldn't even be using SMF 2.0 then because SMF 2.0 supports OpenID for logins which is essentially the same concept, just a different protocol to OAuth.
Also, you know what? Forums: the original social network. They're full of all the same traits, just slower, that you ascribe to social networks. A forum IS a type of social network by design, if it's not, you don't have group participation.
Quote from: Arantor on July 06, 2018, 05:34:04 PM
Actually, guess what? You shouldn't even be using SMF 2.0 then because SMF 2.0 supports OpenID for logins which is essentially the same concept, just a different protocol to OAuth.
Yes, I did notice that and it's disabled. If I knew a way to remove it without harming the rest of the software, I would.
In any case, it's not the same. As far as I know, it's open source, not proprietary, like social website logins. Yes, they do share the API, but they're not open source projects, right.
Quote from: Arantor on July 06, 2018, 05:34:04 PM
Also, you know what? Forums: the original social network. They're full of all the same traits, just slower, that you ascribe to social networks. A forum IS a type of social network by design, if it's not, you don't have group participation.
Exactly, but, as the owner, you have complete control over the community. I don't have any control over what social media sites may or may not share from my forum.
And as I said, in most cases, forums (yes, you're correct, they are the original social network) usually attracted people with common interests, traits, professions, so they could share experiences and expand their knowledge (which is also one of the reasons I joined this forum), not just click and share the first thing they see on a webpage or another social website.
IMO, they are decadent and I really don't like them (I might have mentioned "hate them" before, in my previous post... that might have been a bit harsh).
For the record, yes, I do have a FB profile, but I opened the profile back in 2006 or 2007, can't really remember... in any case, a friend gave me the link, told me to join FB, I had no idea what it was so I joined (I like experimenting and trying out new things). If I knew that FB would become what it has become today, I would have never joined.
And you've missed the point about what was requested. It isn't about content being shared to those platforms, but about people coming to your platform and registering an account without half the hassle, and actually doing so more securely by not having to reuse passwords.
Quote from: Arantor on July 07, 2018, 04:09:12 AM
And you've missed the point about what was requested. It isn't about content being shared to those platforms, but about people coming to your platform and registering an account without half the hassle, and actually doing so more securely by not having to reuse passwords.
Agree!
well, I disagree with the security aspect. Personally, I believe that using a social login makes it LESS secure, as now, all they have to do is hack your social account.
Quote from: Kindred on July 08, 2018, 08:55:49 AM
well, I disagree with the security aspect. Personally, I believe that using a social login makes it LESS secure, as now, all they have to do is hack your social account.
But fortunately that can never happen because the big social platforms are really on top of data security... :laugh:
laughter aside...
data breaches are not the only hack method of a user's account... social engineering/social hacking is more effective on an individual level
Quote from: Kindred on July 09, 2018, 09:00:56 AM
laughter aside...
data breaches are not the only hack method of a user's account... social engineering/social hacking is more effective on an individual level
I work in the security industry. (Not cyber, I hasten to add :laugh: )
You are 100% correct.
However people are great at password reuse, so if there are fewer passwords floating around it stands to reason that it's actually easier to not screw it up.
true... although I blame our IT departments. Forcing users to change passwords every 3 months just means that users will pick passwords that are simple or patterned, because otherwise, they'd never be able to keep track of the changes.
This carries over into non-work life and (as you noted) people tend to reuse passwords across multiple sites
Yup, so making users have to use fewer passwords makes it more secure.
Of course, something something password managers.
but then I have to remember the password to my password manager. :P
Yes, but you make it one super great passphrase. Something like Diceware.
To avoid derailing this thread, I have created a new thread re password managers here: https://www.simplemachines.org/community/index.php?topic=561196.0
where I have asked a few questions. Ta.
I don't know what happened with the mod:
https://custom.simplemachines.org/mods/index.php?mod=3580
https://docs.oneall.com/plugins/guide/social-login-smf/
Is there any way to use this mod for 2.1 RC4 or any other chance to have inbuilt login for social networks?
The mod was removed pending a review of some reported security flaws. We are working with the phpBB team to analyze the report and determine if it's valid. In the meantime, we removed the mod from further downloads out of an excess of caution. We will restore the mod if the results of the review are negative or if the issues reported are fixed.
Should I remove the mod from my other forum 2.0.18?
Because we are only looking into it for now, we won't be issuing any recommendations either way at this point.