Explanation:
Attempting to use this OAuth2 Plugin for CakePHP:
https://github.com/thomseddon/cakephp-oauth-server
Have followed the instructions, and am now going to this URL:
http://mysite/oauth/login?response_type=code&client_id=NGYcZDRjODcxYzFkY2Rk&
redirect_url=http%3A%2F%2Fwww.return_url.com
(We had made a client in the database with the same info he used in the example)
It brings up a log-in box for Email and Password, but fails authentication every time. I believe it's failing because by the time it gets to Cake's FormAuthenticate->authenticate() method, the settings have reverted to 'username'=>'username' and 'passwordHasher'=>'Simple'.
If we add these lines to the FormAuthenticate (above $fields = ...):
$this->settings['fields']['username'] = 'email';
$this->settings['passwordHasher'] = 'Blowfish';
Then the log-in works successfully.
Things We've tried:
Putting this in our AppController, the OAuthAppController, the OAuthController (all in beforeFilter):
$this->OAuth->authenticate = array(
'userModel' => 'Members',
'fields' => array(
'username' => 'email'
)
);
We've tried changing it to the new format like 2.3 in all of those places, as well as in the initial $components array in my AppModel:
$this->OAuth->authenticate = array(
'Form' => array(
'passwordHasher' => 'Blowfish',
'fields' => array('username'=>'email', 'password'=>'password'),
)
);
Closing:
At this point, I'm looking for any way (other than modifying the actual CakePHP core) to get it to be able to log-in with email instead of username (and hopefully that will solve the same issue with having it revert from Blowfish to Simple as well.
We've already tried heavily modifying the OAuth Plugin (to no avail) and aren't opposed to trying that again, but we can't figure out what to change.
