We are trying to include a 'Login with Facebook' button that will checks if there is a user with the fb_id that we pass in post, if so then login them in:
$id = Input::post('id');
$user = Model_User::query()
->where('fb_id', $id)
->get_one();
if ($user) {
Auth::force_login($user);
}
If I have guest_login enabled, this always logs in the guest user if I disable guest_login then I get a 500 server error and I'm not quite sure what I'm doing wrong.
force_login() requires a user_id, not an object, so you need to do
Auth::force_login($user->id);
But are you sure you want to do this, it is extremely easy to hack this, and to login as any user without knowing the password.
If you want to use Oauth logins like Facebook, it's better to have a look at Auth's Opauth extension (see the docs) which provide this feature completely integrated in Auth, and in a secure way.
You are correct, you can pass a \Model\Auth_User object as well, but you don't do that, you pass something called Model_User.
The Opauth extension is complete integrated in Auth, both for Ormauth and for Simpleauth, you can find information here: http://fuelphp.com/docs/packages/auth/opauth/intro.html and there is also an example of a login/registration controller so you can see how the extension works.
It looks like does not start new session. I use 1.8.2 on php 7.2.
Implementing impersonation fuctionality I destroy current session and than force_login(), but user does not look like logged in. Only when I added Session::start() after destroy it begins working... but when I used it with another fuel version (alas, I did not remember which) and php 5.6 it was working without starting session manually.