option to enforce oauth for some users

automatic style fixes and new workflows

better translation handling on exceptions

Fix check of valid email domains

use refresh token when AccessToken is about to expire

renamed our Service to Adapter to avoid confusion

Also added a mechanism to register Services from an adapter

removed lots of now unused code

make cookie login work, some more cleanup

another major refactoring

The new OAuthManager is now the main flow manager and should make it
easier to follow the flow. The Session class encapsulates all session
and cookie accesses. A new guid p

another major refactoring

The new OAuthManager is now the main flow manager and should make it
easier to follow the flow. The Session class encapsulates all session
and cookie accesses. A new guid paradigma should make invisible relogins
possible when the session expired. Needs all major cleanup but a first
login worked.

show more ...

minor cleanup

more fixes and cleanup

somewhat works already

initial begin of refactoring

using composer for the oauth lib dependency, autoloading for our own
classes. Services are now their own action plugins to inherit from our
Service class.

All still unt

initial begin of refactoring

using composer for the oauth lib dependency, autoloading for our own
classes. Services are now their own action plugins to inherit from our
Service class.

All still untested and broken

show more ...

Add keycloak as identity provider

Added Auth0 as an Oauth2 IdP (Oauth2)

Only force relogins during GET request to doku.php

Make getValidDomains more consistent and intuitive

Use more existing functions

Allow mailRestriction to multiple domains

Add option for custom redirect URI

If the wiki has per default a local TLD, it may be necessary to
specifies a public redirect URI for some services , e.g. Google, to
work.

Added Yahoo! as another provider

this also adds our own storage class

added a generic oAuth2 Adapter and implemented a Doorkeeper example

store no information in the redirect URL

Some providers need an exact matching redirect URL configured (Google)
so we can not keep any dynamic info in the URL. Instead we store it in
the user's sess

store no information in the redirect URL

Some providers need an exact matching redirect URL configured (Google)
so we can not keep any dynamic info in the URL. Instead we store it in
the user's session.

show more ...

Allow logins to existing accounts only with associated accounts

To prevent people can log into existing account with a newly created
social account with a forged email address. We only allow logins

Allow logins to existing accounts only with associated accounts

To prevent people can log into existing account with a newly created
social account with a forged email address. We only allow logins with
previously approved service providers.

When a user logs in for the first time, eg. the email does not exists,
then the user is created and the social account is approved
automatically.

show more ...

got Facebook working

renamed AuthService to Adapter