Jump to content
View in the app

A better way to browse. Learn more.
Invision Community

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Holiday Closure, Support Availability Notice

Creating an OAuth-Based Handler

By Mark (edited)

· 6,821 views

Note: For OAuth 2.0 based logins, administrators can normally use the "Other OAuth 2.0" option when creating a Login Method and provide more details in settings. However, you might want to implement a complete Login Handler to allow ease of setup or to provide additional options and features.

Note: This documentation assumes familiarity with common terms and concepts used by OAuth.

To make a Login Handler which uses OAuth, first change the class you have already written to extend one of these classes instead of \IPS\Login\Handler:

  • \IPS\Login\Handler\OAuth2 for OAuth 2.0 (all grant types supported)
  • \IPS\Login\Handler\OAuth1 for OAuth 1.0 (only 3-legged OAuth supported flow)

Implementing these classes will automatically add a number of settings to allow the administrator to provide a client ID, client secret, and to control syncing for display names and email addresses/ 

You will then need to implement a number of methods:

  • For all OAuth versions:
    • authorizationEndpoint() should return the authorization endpoint URL - note that you may want to pass an additional parameter for AdminCP or reauthentication logins to provide additional security in those contexts.
    • authenticatedUserId() should return the user ID of the authenticated user based on the access token passed. Note that for OAuth 2.0 an access token is passed, and for OAuth 1.0 both an access token and access token secret is passed.
    • If supported, additional methods to get additional information about the authenticated user based on the access token passed:
      • authenticatedUserName() should return the display name - you may want to add a setting to control if this is used or what kind of name is used (as is done for most of the built-in OAuth-based login handlers).
      • authenticatedEmail() to return the email address
  • For OAuth 2.0 only:
    • tokenEndpoint() should return the token endpoint URL
    • grantType() should return the grant type to use (in most cases this will be "authorization_code").
    • Optional: scopesToRequest() should return an array of scopes to be requested.
  • For OAuth 1.0 only:
    • tokenRequestEndpoint() should return the token request endpoint URL
    • accessTokenEndpoint() should return the access token endpoint URL

If the grant type you are using is button-based (which will usually be the case) you can also use the methods described in Creating a Button Handler to control the look of the button.

For an example of how to implement these methods, see one of the built-in OAuth-based login handlers.

Edited by Mark

    • Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.