Tag1 Consulting: Tag1's Recap of DrupalCon Portland 2024: Gander, Migrations & Human Connections

At the beginning of May, over a thousand people converged on the Oregon Convention Center in Portland, Oregon, for four days packed with announcements, learning opportunities, and comradery with the larger Drupal community. Among the many attendees, twenty-eight members of the Tag1 Team joined sessions, discussions, and led three impactful presentations – including the introduction of Gander as part of the Initiatives Keynote. Now that our team has slept off the jetlag and unpacked their bags, we’re reflecting on DrupalCon Portland and, specifically, Tag1’s highlights. Initiatives Keynote: Introducing Gander Tag1’s Strategic Growth and Innovation Manager, Janez Urevc , was invited to speak as part of the Drupal Project Initiatives Keynote on Day 3 of the conference. Gander was a hit! It was standing room only, and attentive attendees took notes and snagged the links to review more information at a later time. “While I presented at many DrupalCons in the past,” Janez said, “this was my first DrupalCon keynote. I spent significantly more time (and it was more stressful) preparing for those 6.5 minutes than for my entire 45-minute talk. But it was all worth it and I really enjoyed doing it at the end.” Janez introduced Gander , the...

Read more Jeremy Tue, 06/25/2024 - 06:57

Specbee: SAML and OAuth2 - What’s the difference and how to implement in Drupal

Before diving into the differences between SAML (Security Assertion Markup Language) and OAuth 2.0, let's first discuss what they have in common. Both are protocols used for authentication and authorization. While these terms are sometimes mistakenly used interchangeably, they serve distinct purposes. Authentication asks, “Who are you?”, whereas authorization asks, “What are you allowed to do?”.  This means that SAML and OAuth 2.0 are used for very distinctive purposes and work on different mechanisms. The good news is that Drupal integrates really well with both these protocols. In this article, we’ll talk about how different the protocols are from each other and also how to implement them in your Drupal 10 website. What is SAML SAML is an XML-based authentication system that works across different domains. It lets you do Single Sign-On (SSO), so you can access multiple applications with just one set of credentials. Key components of SAML 1. Assertions Assertions are the heart of SAML transactions. They contain information about a user, such as their identity, attributes, and authentication status. SAML defines three types of assertions: Authentication, Attribute, and Authorization Decision. 2. Identity Provider (IdP) The IdP is responsible for authenticating users and generating SAML assertions. It acts as a trusted entity that asserts the identity of users to service providers. 3. Service Provider (SP) It is the application or service a user is trying to access. The SP consumes SAML assertions and makes access control decisions based on the information provided by the IdP. 4. Single Sign-On (SSO): SAML enables SSO, allowing users to authenticate once with the IdP and access multiple SPs without re-entering credentials. The SAML Workflow User Access RequestA user attempts to access a service or application (SP). SP Initiated SSOThe Service Provider (SP) creates an SAML authentication request, initiating the process by redirecting the user to the Identity Provider (IdP). IdP AuthenticationThe IdP authenticates the user. SAML Assertion GenerationUpon successful authentication, the IdP generates a SAML assertion containing user information. Assertion Delivery to SPThe IdP sends the SAML assertion to the user's browser, which then delivers it to the SP. SP ValidationThe SP validates the SAML assertion, and if successful, grants the user access. Image source: Drupal.org Implementing SAML in Drupal 10 Ensure that you have Drupal 10 installed and configured. Ensure that Composer is installed on your local system before proceeding. Install the miniorange_saml Authentication Module: composer require 'drupal/miniorange_saml:^3.0' Enable the module: drush en miniorange_saml Configure your SP’s by following the steps mentioned in the “Readme.md” file of module. Checkout the official documentation of SSO using Google Apps as Identity Provider (IDP).Note: We can also configure SAML to work as an IdP for others which they can use to get sign into other’s platform using our IdP platform (Drupal). For more information please checkout the official documentation here. What is OAuth2 OAuth 2.0 authentication is a method of granting users access to a protected resource, such as a website or application, without sharing their username and password. Instead, the user grants permission to a third-party application, which then accesses the protected resource on their behalf.  This provides an extra layer of security and allows for more control over the user's data.OAuth2 is commonly used for social media, email, and other online services. The thing to note here is that OAuth2 is an authorization mechanism, not an authentication mechanism. Key Components of OAuth2 1. Resource Owner (User) The Resource Owner is an entity (typically a user) that owns the protected resources. These resources could include data, images, or any other type of information. 2. Client The Client, representing the application or service, initiates requests for access to protected resources on behalf of the Resource Owner. It may take the form of a web application, mobile app, or any other software application. 3. Authorization Server This is responsible for authenticating the Resource Owner(User), obtaining their consent, and issuing access tokens. It plays a pivotal role in the OAuth2 workflow, ensuring secure authorization processes. 4. Resource Server The Resource Server is the host for the protected resources that the Client intends to access. It verifies the validity of access tokens provided by the Client and provides the requested resources if the token is deemed valid. 5. Access Token The Access Token is a credential representing the authorization granted to the Client. It is a string that the Client includes in its requests to the Resource Server to access the protected resources. 6. Authorization Grant An Authorization Grant is a credential representing the Resource Owner's authorization for the Client to access their protected resources. There are various types of authorization grants, including authorization codes, implicit grants, client credentials, and resource owner passwords. 7. Redirection URI During the OAuth2 flow, the Client specifies a Redirection URI where the Authorization Server sends the user after authentication and consent. This URI is used to deliver the authorization code or access token back to the Client. 8. Scope The Scope parameter defines the range of the access that the Client is requesting. It specifies the permissions the Client is seeking from the Resource Owner. Scopes can be predefined or defined by the application. 9. Token Endpoint The Token Endpoint is an endpoint on the Authorization Server used by the Client to exchange the Authorization Grant for an Access Token. It plays a crucial role in the OAuth2 Token Exchange process. 10. Refresh Token The Refresh Token is an optional credential that can be used by the Client to obtain a new Access Token without requiring the Resource Owner to reauthenticate. It provides a way to extend the validity of the access. The OAuth2 Workflow The client initiates the authentication process by redirecting the user to the authorization server. The user authenticates with the authorization server and grants permissions to the client. The authorization server grants an access token to the client. The client presents the access token to the resource server to access protected resources on behalf of the user. Image Source: Oracle Implementing OAuth 2.0 in Drupal Let’s take an example of logging into a Drupal site using Google credentials: 1. Install and Enable the OAuth2 Authentication Module Download and install the OAuth2 Authentication respective module from the Drupal.org website or using Composer. Enable the module in the Drupal administration interface. 2. Configure OAuth2 Providers Navigate to the Configuration page and select OAuth2 Authentication settings. Add a new OAuth2 provider configuration by providing details such as client ID, client secret, authorization endpoint, token endpoint, and scope and save configuration. For detailed information please refer to module’s README.md file. 3. Test Authentication Integration Once the OAuth2 provider is configured, Drupal will handle the authentication flow automatically. Test the integration by logging out of Drupal and attempting to log in using the OAuth2 provider credentials. Verify that the authentication process is successful and that user accounts are created or linked appropriately. 4. Secure Access and Manage Permissions Ensure that access tokens are securely stored and transmitted to prevent unauthorized access. Manage permissions and access control settings within Drupal to restrict access to sensitive resources based on user roles and permissions. Key differences between SAML and OAuth2 Feature SAML OAuth2 Purpose Identify and Single Sign-On (SSO) Authorization and Access Control Use Case Authentication or Cross-domain authentication Authorization or Third-party application authorization Protocol Type Authentication protocol Authorization framework Authentication Flow Browser Redirect (POST or Artifact Binding) Redirect or Direct Communication Token Type Assertions (SAML Tokens, typically XML) Access Tokens like: JWT, Bearer Tokens, etc (typically JSON) Token Validations Signature verifications Token validation against Authorization Server Scenarios Often used for enterprise SSO Commonly used in API access and third-party integrations Use with APIs Less common for APIs authrorization Widely used for securing APIs’ and accessing resources Supported by Drupal Yes, via modules such as SimpleSAMLphp Yes, via modules like Social OAuth authentications Integration Complexity More complex due to SSO and identity mapping Generally simpler for basic use cases Use in Mobile Apps Possible, but less common Commonly used for mobile app authentication User Experience Seamless SSO experience for users Transparent authorization for users Examples in Drupal Modules SimpleSAMLphp, Shibboleth OAuth2 Authentication, OAuth2 Server Final Thoughts It's important to note that SAML and OAuth2 serve different purposes, and in some scenarios, they can be used together. For instance, SAML could handle authentication, and OAuth2 could handle authorization in a federated identity scenario. The choice between SAML and OAuth2 often depends on the specific requirements of the application and the use case. Drupal 10 provides modules for both SAML and OAuth2 to accommodate various authentication and authorization needs. Talk to our Drupal experts to find out how we, as a leading Drupal development company, can help build secure, robust, and user-friendly digital solutions with Drupal.

The Drop Times: Momentum for Change

Dear Readers,

Marketing in the open-source community often grapples with a unique set of perceptions and challenges. Traditionally, the open-source ethos values transparency, community collaboration, and accessibility, sometimes viewing commercial activities with scepticism. However, effective marketing is not antithetical to open-source values; it can amplify the reach and impact of projects like Drupal. By embracing strategic marketing, open-source projects can attract a wider audience, ensuring their tools and innovations benefit more users and contributors. This expanded reach helps sustain the project's growth and ensures it remains competitive in a rapidly evolving technological landscape.

The importance of marketing for open-source projects like Drupal cannot be overstated. It is not merely about promoting a product but telling a compelling story that resonates with potential users and contributors. Shawn Perritt, the Brand and Creative Director of Acquia, who is leading the brand refresh, believes that every great idea should live at the intersection of creativity and commerce.

According to Suzanne Dergacheva, the lead of the Promote Drupal team, strategic rebranding and marketing efforts help to refresh Drupal’s image, making it more relatable and appealing. These efforts ensure that Drupal continues to attract diverse contributors who bring fresh perspectives and innovations. The right marketing strategies help articulate Drupal's value proposition, highlighting its robustness, flexibility, and vibrant community, driving adoption and engagement.

The recent Drupal brand refresh, discussed at the Drupal Branding Panel session at DrupalCon Portland 2024, exemplifies how marketing can reinvigorate an open-source project. The rebranding initiative introduces new design elements and a refreshed DrupalCon logo, better capturing the spirit of open source and Drupal’s innovative edge without losing its core values. This strategic rebranding is not just a visual update; it represents a concerted effort to position Drupal as a leading digital experience platform, ensuring its relevance and appeal in the market.

With that, let's move on to the important stories of last week.

Last week, Suzanne Dergacheva, co-founder and strategist at Evolving Web, also the lead of the Promote Drupal Initiative and a member of the Drupal Branding Panel, spoke with The DropTimes. In this interview, Suzanne discusses the ongoing Drupal rebranding efforts. She shares insights into the key factors that prompted the rebranding, the collaborative contributions from the community, and the challenges faced in a competitive landscape. Suzanne also highlights how the new branding strategy aligns with Drupal’s commitment to the open web and the significance of community feedback in shaping the final decisions. This conversation provides a comprehensive overview of the exciting changes underway for Drupal, complementing our earlier interview with Shawn Perritt, about the brand refresh.

Another highlight from last week is that Kazima Abbas, sub-editor of The DropTimes, had the chance to connect with Christina Lockhart, Digital Marketing Manager with the Drupal Association. The interview explores her role in promoting Drupal through digital marketing, her efforts to empower women in the tech community, and her initiatives to support women within the Drupal ecosystem. Christina also shares her insights on ensuring equal access to leadership roles and the potential impact of emerging trends like AI on Drupal's future.

The 20thDrupalJam was celebrated in Utrecht, the Netherlands, with over 330 participants in attendance. This year's event was especially festive, highlighted by a personal keynote from Dries Buytaert. The day featured a variety of engaging presentations, insightful workshops, and stimulating discussions and panels. Esmeralda Braad-Tijhoff shared the key highlights.

The Drupal AI Meetup debuted last week, marking the beginning of a series of quarterly meetups dedicated to exploring the intersection of Drupal and artificial intelligence. This new initiative aims to bring together enthusiasts and experts to delve into the dynamic fusion of these fields, writes Nico Grienauer, the event organiser.

Drupal 10.3 is available now! Drupal has announced the release of Drupal 10.3, the third and final feature release for Drupal 10. This update introduces several new features, including an experimental Navigation user interface, stable Workspaces functionality, and Single-Directory Components support, among others.

A significant development has emerged in the Drupal ecosystem with the announcement of a new AI Initiative module. Reported by Jamie Abrahams from FreelyGive and Marcus Johansson from OSK Berlin, this module aims to consolidate the best features of various AI modules into a comprehensive set of foundational tools for all AI applications in Drupal.

Last week, Drupal introduced a new community Frontend Bundler Initiative to address the lack of a standard method for installing JavaScript dependencies in Drupal. The initiative aims to create a unified approach to managing these dependencies, drawing on discussions and collaborations with key contributors like Lee Rowlands and Théodore Biadala. Additionally, Jürgen Haas announced the release of ECA 2.0.0 for Drupal 10.3 and 11, featuring significant improvements such as dynamic event subscriptions, 74 new plugins, and a comprehensive code clean-up. 

Aten Group is hosting a webinar titled "Migrate with Might: Tips and Tricks for Drupal's Migration Tools" on June 26, 2024, at 2 PM EDT. Joel Steidl, VP of Engineering at Aten, will lead the session. The webinar aims to explore Drupal's versatile migration system, which is instrumental in data integration tasks. The DropTimes has released a complete list of Drupal events for this week. Find the guide here.

In interesting news, Lauri Timmanee has joined the DrupalCamp Spain 2024 as the featured speaker. The event has also extended its deadline for papers until June 30, 2024, and has opened the call for training proposals. Also, Submissions for the 2024 Splash Awards Deutschland und Österreich, honouring outstanding Drupal projects in Germany and Austria, are now open until July 31.

PHPCamp 2024, held on June 8th, was a resounding success. The event stood out with its relaxed atmosphere, where knowledge-sharing, impromptu demos and collaborative problem-solving took centre stage. 

amazee.io has partnered with ANNAI Inc. to bring its open-source Platform-as-a-Service (PaaS) to Japan. The company aims to empower local businesses with scalable, flexible application delivery and hosting solutions.

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now.

To get timely updates, follow us on LinkedIn, Twitter and Facebook. Also, join us on Drupal Slack at #thedroptimes.

Thank you,
Sincerely
Alka Elizabeth
Sub-editor, The DropTimes.

Talking Drupal: Talking Drupal #456 - DDEV Grows Up

Today we are talking about DDEV, The DDEV Community, and It’s Future Sustainability with guest Randy Fay and Andrew Berry. We’ll also cover DDEV Drupal Contrib as our module of the week.

For show notes visit: www.talkingDrupal.com/456

Topics
  • What is DDEV
  • In March you posted the DDEV Project Plan for 2024, what is the contributor training initiative
  • DDEV has grown rapidly over the past few years, what do you attribute that to
  • You seem to be the face of DDEV, who else is involved
  • How is DDEV funded
  • What happens when you retire
  • Does the DDEV Foundation have employees
  • What is DDEV coded in
  • What is your favorite feature of DDEV
  • What is next
  • How can people get involved
Resources Guests

Andrew Berry - deviantintegral

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Randy Fay - rfay

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

  • Brief description:
    • Have you ever wanted a local DDEV environment optimized for working on a Drupal contrib project? There’s a DDEV add-on for that.
  • Module name/project name:
  • Brief history
    • How old: created in Apr 2023 by Moshe Weitzman, a Drupal core maintainer, and according to his resume the first American to contribute to Drupal
    • Versions available: 1.0.0-rc8
  • Maintainership
    • Actively maintained
    • Test coverage
    • Documentation - Lengthy README
    • Number of open issues: 2 open issues, 1 of which is a bug
  • Module features and usage
    • The add-on adds two ddev commands to help during setup:
    • ddev poser creates a temporary composer.contrib.json, adding drupal/core-recommended as a dev dependency. It also runs composer install and yarn install so that all dependencies are available
    • The additional ddev symlink-project command adds symlinks from your project files to an expected path within the custom modules directory of the installed version of Drupal
    • Once it’s set up, you can easily run tests locally exactly the way they will be run in GitlabCI. It’s also even easier to apply any of the automatic fixes that are available, for example by running ddev phpcbf or ddev eslint with the –fix flag
    • You can also commit the generated .ddev directory inside your project, to make it easy for other contributors to use the same tools
    • I will note that after running ddev poser I got errors trying to use composer to add any other projects to the local environment, for example to use admin toolbar for manual testing
    • That said, this is another great example of how the set of Drupal developer tools is always improving, and also illustrates to the power of DDEV’s add-ons

LN Webworks: How To Create local Task Tabs Through A Custom Module

Image removed.

In Drupal, local tabs are an essential feature used to organize and display multiple configuration pages in a user-friendly manner.These tabs group related pages together, providing an intuitive and seamless navigation experience. 

By using local tabs, administrators and users can easily access different settings and configurations from a single interface without having to navigate through multiple pages. This functionality enhances the overall user experience, making it easier to manage and configure various aspects of a Drupal site efficiently. 

To create the Drupal Local tabs we can follow these steps:

Create A Module

  • First Create a module  For example “custom_module” 
  • After that define the custom_module.info.yml File in your custom module directory 

Structure:

custom_module/

 Custom_module.info.yml

  • In this file, you can define your module name,  version, and description 

  name: Custom Module
                    description: Custom Module
                     type: module
                     core_version_requirement: ^8 || ^9 || ^10

Web Wash: New Navigation Sidebar (Experimental) in Drupal 10.3

Drupal 10.3 introduces a new experimental navigation module, offering a modern alternative to the traditional toolbar.

Key features of the new navigation bar:

  • Located on the left side of the screen.
  • Automatically expands menus on hover.
  • Allows users to drill down through configuration pages.
  • Replaces the top toolbar on the home page.

To try it out:

  1. Ensure Drupal 10.3 is installed.
  2. Go to “Extend” and search for “navigation”.
  3. Install the “Navigation” module (not “Navigation top bar”).

The new navigation bar provides a fresh, modern look for Drupal sites. However, as an experimental module, it may contain bugs or undergo changes in future updates.

Those interested in exploring this new feature can install the navigation module and experience the updated interface firsthand.

What new Drupal 10.3 feature are you looking forward to?

The Drop Times: Drupal Gutenberg v4.0 to Introduce Major UI Refactor and Enhanced Editing Features

Drupal Gutenberg v4.0, set for release in August 2024, will feature a major UI refactor specifically tailored for Drupal, moving away from WordPress components. It will introduce single-field editing and make the editor entity agnostic, allowing for editing various content types. The update will also integrate with the Drupal Starshot initiative, enhancing the overall Drupal editing experience.

Golems GABB: Drupal 11 Modules Overview

Drupal 11 Modules Overview Editor Mon, 06/24/2024 - 15:36

Have you been thinking about making a serious improvement to the performance of your Drupal site? It is supposed that Drupal 11 will be released sometime this year. So, the upcoming version of Drupal promises many big moves on many grounds, including improving several core aspects of the CMS. Here's a brief overview of what’s new in Drupal 11:

Subscribe to