Social Login inbuilt

Started by jack001, July 06, 2018, 12:07:52 AM

jack001

Social login has become common to every forum. Why don't we make it an inbuilt function of smf 2.1? The most common logins through google, facebook and twitter can be made by default part of it. Just a suggestion.
https://www.edufor.xyz Edutainment forum - Education with Entertainment!

landyvlad

I would suggest it's because it opens potential security vulnerabilities, and that the primary focus is on making the forum stable with a few 'nice to have' basics (likes, mentions etc)

For 2.0.x there is already a mod - social login - that is excellent for what you are looking to achieve. https://custom.simplemachines.org/mods/index.php?mod=3580

I'd be VERY surprised if oneall (the software mob) don't keep it updated to be SMF 2.1 compatible.  I'm confident they will.  http://docs.oneall.com/plugins/guide/social-login-smf/

The other reason to NOT have a unique smf-only solution is that the system oneall has allows people to use the same log in for multiple forums and websites.


Please note that I am in no way connected with oneall. Personally I'm getting rid of my social and tapatalk mods altogether.

Cheers
"Put as much effort into your question as you'd expect someone to give in an answer"

Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Be the person your dog thinks you are.

Arantor

Actually the reason isn't security, it's maintainability. The social providers change their APIs regularly, which means you'll have to update your forum more often, assuming the devs have time to keep up with the changes (remember, they're volunteers doing this in their spare time, not paid to look after it full time)

GigaWatt

I for one, wouldn't use SMF if it came with a social sites login option out of the box. Even if I had the option to disable it, I would still switch platforms.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Arantor

Ah so you're never, ever going to any of the paid platforms, nor to Discourse. Nor using Moodle for that matter.

jack001

Quote from: Arantor on July 06, 2018, 03:43:33 AM
Actually the reason isn't security, it's maintainability. The social providers change their APIs regularly, which means you'll have to update your forum more often, assuming the devs have time to keep up with the changes (remember, they're volunteers doing this in their spare time, not paid to look after it full time)
Does every social provider keep changing APIs? I was hoping to see the basic ones like Google, Twitter and Facebook.

Arantor

They change their APIs regularly. I used to work for a platform that spent a lot of its life posting to social media and I had to make changes every few weeks.

Kindred

Gigawatt,

Be careful of absolute statements like that.

It is unlikely that SMF will ever build a synced social login into the core for the reasons that Arantor indicates.
(also, it's theoretically less secure, since you could spoof someone's social account -- or once you hack the social account, you have access to every site they use social-sync logins)

but, saying "I would never use..." is a bit harsh and uninformed. If it was implemented, then just turn it off for your site. :P


And, Jack... yes - as Arantor says, they regularly change their API. it's a pain to deal with on personal sites, let alone on a platform level.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

GigaWatt

Quote from: Arantor on July 06, 2018, 10:20:26 AM
Ah so you're never, ever going to any of the paid platforms, nor to Discourse. Nor using Moodle for that matter.

Probably not... if they have features like social logins built in and even if there was no other free alternative, I'd rather spend 5 years developing my own software than use that, that... whatever it is... because it's not a forum.

Quote from: Kindred on July 06, 2018, 12:18:45 PM
Be careful of absolute statements like that.

I meant what I said... and it's my choice, I'm not going against what I believe. If a question like this is raised, yes, I will be against it, but if SM does decide to implement this, I will be moving away from the platform.

I don't like having any code embedded in the software for my forum that is related with any social site, period. IMO, those sites are abominations that need to be wiped from the face of the earth. They serve no purpose except self promotion, laziness and gossip... one of humanity's worst personality traits.

On the other hand, if it was easier to completely remove the code from the software without having any negative impact on the software itself than to switch platforms, in that case, yes, I would continue using SMF.

Arantor

Actually, guess what? You shouldn't even be using SMF 2.0 then because SMF 2.0 supports OpenID for logins which is essentially the same concept, just a different protocol to OAuth.

Also, you know what? Forums: the original social network. They're full of all the same traits, just slower, that you ascribe to social networks. A forum IS a type of social network by design, if it's not, you don't have group participation.

GigaWatt

Quote from: Arantor on July 06, 2018, 05:34:04 PM
Actually, guess what? You shouldn't even be using SMF 2.0 then because SMF 2.0 supports OpenID for logins which is essentially the same concept, just a different protocol to OAuth.

Yes, I did notice that and it's disabled. If I knew a way to remove it without harming the rest of the software, I would.

In any case, it's not the same. As far as I know, it's open source, not proprietary, like social website logins. Yes, they do share the API, but they're not open source projects, right.

Quote from: Arantor on July 06, 2018, 05:34:04 PM
Also, you know what? Forums: the original social network. They're full of all the same traits, just slower, that you ascribe to social networks. A forum IS a type of social network by design, if it's not, you don't have group participation.

Exactly, but, as the owner, you have complete control over the community. I don't have any control over what social media sites may or may not share from my forum.

And as I said, in most cases, forums (yes, you're correct, they are the original social network) usually attracted people with common interests, traits, professions, so they could share experiences and expand their knowledge (which is also one of the reasons I joined this forum), not just click and share the first thing they see on a webpage or another social website.

IMO, they are decadent and I really don't like them (I might have mentioned "hate them" before, in my previous post... that might have been a bit harsh).

For the record, yes, I do have a FB profile, but I opened the profile back in 2006 or 2007, can't really remember... in any case, a friend gave me the link, told me to join FB, I had no idea what it was so I joined (I like experimenting and trying out new things). If I knew that FB would become what it has become today, I would have never joined.

Arantor

And you've missed the point about what was requested. It isn't about content being shared to those platforms, but about people coming to your platform and registering an account without half the hassle, and actually doing so more securely by not having to reuse passwords.

jack001

Quote from: Arantor on July 07, 2018, 04:09:12 AM
And you've missed the point about what was requested. It isn't about content being shared to those platforms, but about people coming to your platform and registering an account without half the hassle, and actually doing so more securely by not having to reuse passwords.
Agree!

Kindred

well, I disagree with the security aspect. Personally, I believe that using a social login makes it LESS secure, as now, all they have to do is hack your social account.

landyvlad

Quote from: Kindred on July 08, 2018, 08:55:49 AM
well, I disagree with the security aspect. Personally, I believe that using a social login makes it LESS secure, as now, all they have to do is hack your social account.

But fortunately that can never happen because the big social platforms are really on top of data security...  :laugh:



Kindred

laughter aside...


data breaches are not the only hack method of a user's account...     social engineering/social hacking is more effective on an individual level

landyvlad

Quote from: Kindred on July 09, 2018, 09:00:56 AM
laughter aside...
data breaches are not the only hack method of a user's account...     social engineering/social hacking is more effective on an individual level

I work in the security industry. (Not cyber, I hasten to add  :laugh: )

You are 100% correct.

Arantor

However people are great at password reuse, so if there are fewer passwords floating around it stands to reason that it's actually easier to not screw it up.

Kindred

true...   although I blame our IT departments. Forcing users to change passwords every 3 months just means that users will pick passwords that are simple or patterned, because otherwise, they'd never be able to keep track of the changes.

This carries over into non-work life and (as you noted) people tend to reuse passwords across multiple sites

Arantor

Yup, so making users have to use fewer passwords makes it more secure.

Of course, something something password managers.

Kindred

but then I have to remember the password to my password manager. :P

Arantor

Yes, but you make it one super great passphrase. Something like Diceware.

landyvlad

To avoid derailing this thread, I have created a new thread re password managers here: https://www.simplemachines.org/community/index.php?topic=561196.0
where I have asked a few questions.  Ta.

pocttopus

I don't know what happened with the mod:
https://custom.simplemachines.org/mods/index.php?mod=3580
https://docs.oneall.com/plugins/guide/social-login-smf/

Is there any way to use this mod for 2.1 RC4 or any other chance to have inbuilt login for social networks?

Kindred

The mod was removed pending a review of some reported security flaws. We are working with the phpBB team to analyze the report and determine if it's valid. In the meantime, we removed the mod for further downloads out of an excess of caution. We will restore the mod if the results of the review are negative or if the issues reported are fixed.

pocttopus

Should I remove the mod from my other forum 2.0.18?

Aleksi "Lex" Kilpinen

Because we are only looking into it for now, we won't be issuing any recommendations either way at this point.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas
