Yesterday, that1guy asked if we had played around with Facebook authentication in Drupal in a thread over on Drupal.org. We hadn't yet at the time, but not being the kinds of nerds to back down from a challenge, we started to look into it.
Thankfully, we didn't have to do much. Halkeye's already submitted a dev version of a Facebook authentication module for Drupal called, strangely enough, facebook_auth.
If you've used Drupal for more than a few days, you've probably noticed that installing new modules is generally pretty simple. You download the module, decompress it in your modules directory, activate it in your site's admin page, and fiddle with any settings as appropriate. If you have any questions, there's typically a good README file in the package that breaks them down for you. Piece of cake.
Unfortunately, facebook_auth installation wasn't quite that easy. Had to jump through a few extra hoops to get it to play nice. Chalk it up to the fact that it's still in the early dev phases of the dance competition, but the README file included in the package left a bit to be desired... Still, though, after playing around with it for a little while, we got it working on our development site.
First thing's first... Uses Drupal 5.2 with PHP 5.1.6 and MySQL 5.0.27. Halkeye says he's "fairly certain head will work for both 5 and 4.7," but we only tested with 5.2. Seems to work.
Ok, so first thing you need is the facebook_auth module, available over at http://drupal.org/project/facebook_auth. Download that and decompress it in your /modules directory just like you normally would. That should create a directory within /modules called /facebook_auth.
Before you get all click happy and start trying to activate it in Drupal, though, you also need to download the Facebook platform. Like the README says, you can currently find that at http://developers.facebook.com/clientlibs/facebook-platform.tar.gz.
And here's one of those places where the current README falls a little short. It tells you to extract the files from that tarball, but it doesn't say where. Not helpful. You'll want to extract the contents of that file into the facebook_auth directory. After you've done so, your directory structure should look something like this:
and within the facebook-platform directory:
Obviously, there are files in the client, footprints, and php4client directories, too.
Ok, for this all to work, you also need to get yourself a Facebook API Key. Assuming you don't have any apps registered...
- Browse to http://www.facebook.com/developers/apps.php and logon with your Facebook account info.
- Click "Apply for a key."
- Give a descriptive application name. Your users will see this when they try to use Facebook authentication, so you probably won't want to call it "Shiny Baboon Ass" (unless, of course, that's your domain name...). I'd suggest your site's title, but that's just me.
- Click Optional Fields to expand it.
- Customize the Support Email address field, unless, of course, you want your visitors sending their complaints to the email address you use for Facebook.
- Enter http://<yourdomainname>/facebook/ for the Callback Url. For instance, ours would be http://www.nerdliness.com/facebook/.
- Make sure Application Type is Website.
- Fiddle with any other settings you want, but be careful if you enter any IP Address of Servers Making Requests. Obviously, if you enter the wrong info, your app won't work.
- Click Submit.
You should now see an API Key and a Secret. Keep those handy as you'll need them in the facebook_auth configuration. There's a config.php file in the /modules/facebook_auth/facebook-platform/footprints directory that asks for them, but you don't need to worry about that. All you need to do is configure the module properly inside Drupal.
Those are the hard parts. From here on out, everything else is like you'd expect for a new module:
- Log on to your Drupal install as an account that can activate modules.
- Activate the newly installed module in Adminster->Site Building->Modules.
- Enter your API Key and Secret in Adminster->Site Configuration->Configure Facebook settings (and probably check the "Show button in login block" box, but that's up to you).
And that's it. If everything went according to Hoyle, your site should now allow users to logon using their Facebook creds.
How it Works
Ok, so now you have a Facebook button on your /user page. So what? Let's say a new user comes along and clicks that button. That user will be redirected to the Facebook site temporarily to enter their Facebook credentials. They'll also have the option to check a couple of boxes allowing your app to access their Facebook info (this is the screen where that Shiny Baboon Ass will appear...). Soon as they click that button, the facebook_auth module will create a new local Drupal account on your site associated with that Facebook account.
Couple of caveats. First, the facebook_auth module doesn't seem to pull much info from their Facebook account. After creating a test user in our sandbox, the new account didn't have an email address, etc. entered into our users table. That might be an issue for some, but seems like one that can be fixed in the module. I haven't investigated the Facebook API enough to know for sure yet, though. Still, though, if you have mandatory profile fields you expect everyone to fill out, you might be a little disappointed to find new users missing that data.
Second, this is a quick way to accidentally create multiple local Drupal accounts for the same user. For instance, I obviously have a local Drupal account on my box already. I also have a separate Facebook account. If I were to click the Facebook button and attempt to authenticate with my Facebook name/password, I'd end up creating a second Drupal account instead of logging in with my original.
You can get around that a bit by making sure your existing users know about the Facebook Identities tab the module adds to your user profiles. If you log in to Drupal as an existing user, you can associate your existing Drupal account with your existing Facebook account ahead of time, thus avoiding the duplicate user problem.
If you click our Log In link in the upper-right, you might notice, well, nothing new. No Facebook button. Yep. Like I mentioned, that there module's still in development and we'll need to do some more testing before we dare push it to our live site.
There are a few things we'd like to see added to the module, too. For instance, it would be nice if the module could prevent those duplicate accounts somehow... maybe by simply throwing up a warning to people letting them know what they should do if they already have a local Drupal account. Of course, that once can be nipped by throwing a warning on the site itself.
All in all, though, it definitely looks promising. We'll be keeping an eye on it.