Idea: authorisation through social networks into the forum

Discussion of all aspects of the website, wiki, and forums, including assistance requests and new ideas for them.

Moderator: Forum Moderators

Post Reply
User avatar
Aldarisvet
Translator
Posts: 836
Joined: February 23rd, 2015, 2:39 pm
Location: Moscow, Russia

Idea: authorisation through social networks into the forum

Post by Aldarisvet »

I definitely know from my experience that registration is a problem that stops many from joining forums and Wesnoth forum in particular.
People often too lasy for it or experiencing some problem with regsitration process.
So the solution in the subject. I as sure that phpbb forums supports such standard thing, so people would be able to join Wesnoth forum, for example, from facebook, much easier.
facebook.com/wesnothian/ - everyday something new about Wesnoth
My campaign:A Whim of Fate, also see it's prequel Zombies:Introduction
Art thread:Mostly frankenstains
User avatar
Pentarctagon
Project Manager
Posts: 5521
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Idea: authorisation through social networks into the for

Post by Pentarctagon »

This does seem to be a feature that can be enabled on phpBB 3.1/3.2, however the forums are still on 3.0.14. The upgrade is also currently blocked by this issue, and additionally, I am not sure that someone who logs in via Facebook/etc would be recognized by Wesnoth's MP server.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
User avatar
Aldarisvet
Translator
Posts: 836
Joined: February 23rd, 2015, 2:39 pm
Location: Moscow, Russia

Re: Idea: authorisation through social networks into the for

Post by Aldarisvet »

Pentarctagon wrote: I am not sure that someone who logs in via Facebook/etc would be recognized by Wesnoth's MP server.
That one thing is not a problem at all. Those who want to be recongnized by MP server lately could register in the forum by the normal way. The main issue is to ease the process of joining the community and registering is a barrier in fact. Many lurk in the forum for years without registering but could get involved and write something given easier registration.
facebook.com/wesnothian/ - everyday something new about Wesnoth
My campaign:A Whim of Fate, also see it's prequel Zombies:Introduction
Art thread:Mostly frankenstains
User avatar
Pentarctagon
Project Manager
Posts: 5521
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Idea: authorisation through social networks into the for

Post by Pentarctagon »

Aldarisvet wrote:
Pentarctagon wrote: I am not sure that someone who logs in via Facebook/etc would be recognized by Wesnoth's MP server.
That one thing is not a problem at all. Those who want to be recongnized by MP server lately could register in the forum by the normal way. The main issue is to ease the process of joining the community and registering is a barrier in fact. Many lurk in the forum for years without registering but could get involved and write something given easier registration.
However, that then would create confusion as to why their forum login and MP server login aren't linked, while other people's are. There's already occasionally confusion regarding the fact that multiple people can use the same MP server login if it's not registered on the forums, or thinking that registering on the unofficial ladder site functions the same as registering here in regards to reserving the username on the MP server, and I don't want to add another way for how this works for people to misunderstand or misinterpret.

Also, to be blunt, it would just plain be a step in the wrong direction, as personally I think requiring a forum account as a pre-requisite for logging into the MP server would be a good idea for a couple reasons(though this is not up to me, for better or worse). But at the very least, all forum accounts should be equal, which is certainly possible, but would require some upgrades to how Wesnoth handles logging in.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
User avatar
Elvish_Hunter
Posts: 1575
Joined: September 4th, 2009, 2:39 pm
Location: Lintanir Forest...

Re: Idea: authorisation through social networks into the for

Post by Elvish_Hunter »

Aldarisvet wrote:The main issue is to ease the process of joining the community and registering is a barrier in fact. Many lurk in the forum for years without registering but could get involved and write something given easier registration.
This might not be necessarily a problem. Apart from the fact that I don't see where's the difficult in compiling a form with just a username, an e-mail and a password (almost every social network requires much more informations upon joining, not to mention how much data they collect upon using them), making things too easy might be detrimental.
Quantity over quality isn't always a good thing: for example, did you ever hear about CampGen? It was a script that, around version 1.2, allowed users to create campaigns without knowing WML. The result was that the 1.2 server was then filled with useless (to say the least) add-ons: if you go and learn WML to make a campaign, usually it means that you care enough about this game and this community to do so. But if someone can't even be bothered to compile a simple form to register, how high are the chances that, by making registrations just a bit easier, we'll get new users who really care about Wesnoth? :hmm:
Just my two cents.
Current maintainer of these add-ons, all on 1.16:
The Sojournings of Grog, Children of Dragons, A Rough Life, Wesnoth Lua Pack, The White Troll (co-author)
Tad_Carlucci
Inactive Developer
Posts: 503
Joined: April 24th, 2016, 4:18 pm

Re: Idea: authorisation through social networks into the for

Post by Tad_Carlucci »

What you're talking about is called OAuth2 authorization.

There should be a module for the forums which enable that fairly easily. Getting the MP server to use it would require some effort but should not be too hard.

The problem with OAuth2 is it does not solve the problem it was designed for. Yes, it's very secure. But, to take full advantage of that security you must commit fully to it. That means you must abandon all other forms of user authentication and authorization. In other words, if you want the security advantages of OAuth2 you must require all users to use it. Not only must all users use OAuth2, they must all use the third-party service you've chosen. Typically, that means either Facebook or Google. There are a large number of alternative OAuth2 services. There is some work required to add each. Typically, you'll want to have both Google and Facebook; but you can add more.

The problem is: what to do about users who can't, or won't, create an account on your chosen third-party service; or who refuse to use that service's OAuth system?

For some sites, abandoning those potential users is preferable (perhaps even required).

Some install their own OAuth2 central system. This solves issue but greatly increases the work-load and attack surface.

The vast majority of sites, however, simply maintain some form of "old school" user authentication. This negates all advantages of OAuth2 turning into just a speed-bump for the development team: a box to be ticked off which does nothing but make the site look "modern" at the cost of added complexity and degraded maintainability.

I cannot see Wesnoth sacrificing a portion of the user base by requiring everyone to have a Facebook account. So, unless someone can show that adding OAuth2 to the mix would greatly increase the user base, I see no reason to waste time on it.
I forked real life and now I'm getting merge conflicts.
User avatar
Pentarctagon
Project Manager
Posts: 5521
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Idea: authorisation through social networks into the for

Post by Pentarctagon »

I mean, it would depend on how much effort phpBB 3.2 ends up making it. The idea here wasn't to use it because it's more secure, it's to use it because it would make it easier for some users to have a forum presence without needing create yet another account. So if literally all that needs to be done is click a few buttons and phpBB handles the rest itself (since according to the thread I linked, it supports facebook and google as core functionality), then there doesn't seem to be a good reason not to enable it, assuming the MP server functionality can be sorted out.

But yeah, dropping users who don't have some OAuth2 account isn't workable. For starters, that'd include me at the moment :whistle:
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
User avatar
GunChleoc
Translator
Posts: 506
Joined: September 28th, 2012, 7:35 am
Contact:

Re: Idea: authorisation through social networks into the for

Post by GunChleoc »

Yep, me too. I don't want to join Facebook.
Post Reply