Integrating the Passport with the Forem Ecosystem

This is the second post of a series that covers the new Forem Passport service provider, which integrates with the Forem open source software behind DEV and other communities.

Upcoming Forem Passport Projects

This service provider is such an exciting project in my view, because of the power and flexibility baked into the OAuth protocol. Not only does it help solve a problem we had (i.e. compliance and support across different platforms), it also interacts with many different core and ecosystem projects.

Some of the projects that relate to Forem Passport in one way or another are:

Android Mobile App

We just released the first few versions of our beta Android app!

Are you interested in being part of the closed beta? Do you want to be notified when the open beta rolls out? Drop a comment below and we’ll contact you.

iOS Mobile App

Version 1.2.2 includes the Passport integration already! Try it out now

Better Tooling for Creators to Fight Abuse

In a network of Forem sites, smaller instances might benefit from abuse control measures taken in bigger instances, like DEV. This could include propagation of banished users (at least to flag as likely abusers) throughout the network, making everyone safer.

⚠️ Abuse in this case refers to anything that doesn’t adhere to the Forem's code of conduct or terms and conditions.

Please note that this is still in ideation and hasn’t yet been discussed in great depth.

Better Integration Between the Passport and the /admin Dash for Creators

We can automate the process of enabling the Forem authentication for a creator (directly from their /admin dashboard) a lot more than its current form.

This idea has definitely been discussed and it’s actually a high priority goal. We want to make it as easy as possible for creators to enable the Forem passport integration so more users can benefit from it across the ecosystem.

Push Notifications for Mobile Apps on Self-Hosted Forems

We can’t openly give out our PN certificates to deliver push notifications to self hosted Forems. So, in order to overcome this we could rely on the authorization and not authentication aspect of the OAuth protocol.

The objective of this project is to implement a mechanism relay PN delivery to the Passport via API calls if the certificates aren’t available (self hosted sites).

This would only work for users that have connected their accounts with the Passport, because that’s the key part of how we would avoid abuse from any bad actor if they happen to spam their users.

Allowing for Social login within Forem Passport itself

We heard you like service providers, so we’re planning to integrate service providers on our service provider 😆

In all seriousness, since we have more control over Forem Passport, we could implement many customized authentication providers and make them compatible with our whole ecosystem (i.e. mobile apps).

Easier account management across many Forem sites

You could in theory propagate a new profile picture across many Forem sites at once, directly from Forem Passport.

This isn’t implemented and hasn’t even been discussed in depth either, but OAuth should allows us to make some of these integrations possible.

Open sourcing the Passport codebase

The core Forem software has been open source for a while now, and we want to open source this project as well in the near future for many reasons.

Our intention is to solidify the Passport project a bit more (i.e. have better abuse control) and other details sorted out before publishing the repo. We’ll be sure to communicate when this happens!

Invitations & Closing Note

Phew! We've covered a lot in this series so far. 😄

Invitations:

• We’re interested in your feedback on all of the above, so please share your thoughts with us in the comments below.
• Do you already have an account on https://passport.forem.com? Please leave us a comment below! What are your thoughts? Which upcoming project from the list above interests you most? Any other crazy ideas you might think would be cool to integrate with the Passport project?
• Try it out Version 1.2.2 of the Forem iOS app, which includes the Passport integration
• Reminder that you can comment below if you'd like to be part of our closed beta test for the Forem Android app

Closing Note:

We’re actively working on Forem Passport (i.e. design overhaul, abuse control features, new integrations, etc) so expect changes, big and small, to roll out on a weekly basis.

---

In the next post in this series, I’m going to explain how we managed to implement the Passport project from a technical perspective. Keep an eye out for it in the next few days.

Comments

[Ildi]

I signed up for the Forem Passport using the same email I used to sign up to Forem communities before Forem Passport was launched. Then I went into my profile settings on Codenewbie, Forem, and DEV which I was already registered on and clicked the "Connect Forem Account" button. I noticed my old account is now merged to the new Forem Passport. Can you explain how this works?

When I was going through this process, it wasn't clear to me that my old account would be merged to my Forem Passport as long as I used the same email. Im assuming users will want to know about this info.

I have been using the Forem iOS app since it went public and I have experienced a bit of frustration when having to sign up/sign in seperately for each Forem community so the Forem Passport will certainly remove that pain point.

In all seriousness, since we have more control over Forem Passport, we could implement many customized authentication providers and make them compatible with our whole ecosystem

So im guessing this nicely sets up the option to add sign in services like login.xyz on top of Forem Passport, which allows users to sign-in with their Ethereum wallet?

[Fernando]

Hi @ildi ! I'm glad you found this project helpful for that frustration you experienced. We certainly saw that pain point and wanted to ship something that would help every creator overcome this issue.

Then I went into my profile settings on Codenewbie, Forem, and DEV which I was already registered on and clicked the "Connect Forem Account" button. I noticed my old account is now merged to the new Forem Passport. Can you explain how this works?

The authentication flow works the same as it has in the past for all auth providers. I'm happy to share a quick summary of this!

1. If you're signed in with an existing account and visit /settings you'll find buttons to Connect <provider> Account
   • This means you will be able to sign in using that <provider> to access your account
   • Once you connect a provider you're also authorizing permissions. For example with GitHub you are able to share your GitHub account's repos in DEV's user pages
2. If you're unauthenticated (logged out) and visit /enter and click through Continue with <provider> or Sign up with <provider> you will be creating a new account
   • If an account already exists in the Forem instance with the same email as the one sent back by the provider (i.e. email used on Forem Passport) then "they will be merged as one". Same result as step 1 (connecting an account)
   • Otherwise a new account will be created just like

I'm using <provider> a lot above because the code works the same way for any provider, thanks to the OAuth standard 🙂

So im guessing this nicely sets up the option to add sign in services like login.xyz on top of Forem Passport, which allows users to sign-in with their Ethereum wallet?

Without having too much knowledge of how login.xyz works under the hood I do think this is the case 🙌🏼

IMO it would be easier for us to support more specialized providers in the Passport rather than the forem/forem codebase. This is specially true for providers that require some custom integration code.

An example of this is Facebook, from part 1 of this series. We're being forced to use the native SDK (on mobile apps) and this would only work on a 1:1 situation (mobile app <> website), not on the decentralized ecosystem of Forem (mobile app <> many websites). With the passport we're able to make this work (WIP though).

I'm happy to chat more about any of this, looking forward to continue working on growing the project and seeing it open sourced in the near future as well 😃

[Ildi]

Thank you for the summary! Im very interested in learning more about how the team will decide which login providers to add on top of Forem Passport next.

I mentioned login.xyz because tokenized communities are growing in popularity and most of them have been using Discord in combination with tools like collab.land. It would be awesome to have the option to experiment with token-gated communities using Forem.

[Jan Peterka]

I tried registering on Forem Passport, but submitting form (with name, username, photo) redirects me to empty form and that's it. Should I report it somewhere else?
UPDATE: so, problem was having . in my username. However, I got no indication of whats wrong.

Other than that, love your work on Forem!

[Fernando]

Thanks for sharing this @janmpeterka ! This is an interesting situation I hadn't noticed. I'll be sure to note this and hopefully ship a fix to have an error message visible in this case soon.

This one or any other reports can definitely go in forem/forem on GitHub or emailed to hello+passport@forem.com until we open source the passport repo 🙌🏼