Users login, authenticating over OAuth, without creation of a user folder in site\accounts and thus not listed in panel

Kirby 3
1

Hi,

What would the proper way be, to approach the following scenario:

  1. Allowing external users to login, OAuth authenticated, in order to access restricted content

  2. In templates and controllers we need to have access to the user object (name, email, group, etc.)

  3. Users should not be listed in panel, i.e. the user folder in site\accounts should not be created

Thank you in advance and best regards

P.S.
The only information I found was this: Restricting access to your site | Kirby CMS, which unfortunately does not help our case :frowning:

2

Maybe this is useful GitHub - HashandSalt/kirby3-auth0

It really just allows sign in and sign out at this point but feel free to build on it.

3

There is also this. one…

4

Thanks for the input. Will check out the plug-in for sure.

Actually is not the OAuth authentication I struggle with. The main issue is how to log in a user without creating the user folder in site\accounts in order for the users not to be listed in panel.

5

Which of the two is the thing you want to prevent? And why?
You could create the users and modify the users view to exclude those users.

As far as I can see, the authO plugin doesn’t create users, but is based on an external service. I’m assuming you are using a custom OAuth provider?
The Kirby-oauth plugin on the other hand creates users (and redirects those users to the Panel), but you probably want users without Panel access)

6

Both, preferably the users should not be created locally under site\accounts, which in result won’t show up them in panel.

Relaying on external OAuth service in order to authenticate the user is not an issue.

The issue is, how to log in a virtual user in kirby?

Not sure which method of $kirby , $users or $user model would need to be overwritten. Haven’t found any information on authentication flow in kirby.

7

Virtual users would still appear in the Panel, so this wouldn’t help much.

I’d say you don’t want or need users, but just create a session in the frontend from your oauth authenticated users.

Why don’t you try @jimbobrjames plugin, seems to do what you are looking for?

8

Thanks for the input.

This crossed my mind. However, was thinking that it might be solved more elegant way, by extending some of the core Kirby feature.

This plugin authenticates via Auth0, what we need is OAuth. Will use it as a guideline for sure, but for the authentication we are gonna go for league/oauth2-client.