CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Authentication through the api
Pages: [1]

Author Topic: Authentication through the api  (Read 539 times)

jaapjansma

  • I post frequently
  • ***
  • Posts: 247
  • Karma: 9
    • CiviCoop
  • CiviCRM version: 4.4.2
  • CMS version: Drupal 7
  • MySQL version: 5
  • PHP version: 5.4
Authentication through the api
July 12, 2013, 01:20:35 am
hey,

Is it possible to authenticate a user through the api? I am building an external webapp but I want that users could login with the same credentials as they have provided in civicrm. I want to use the api for this. Basicly what I want is to retrieve some basic contact information based on their username and password, such as their civicrm contact id

Is this possible?

Thanks,
Jaap
Developer at Edeveloper / CiviCoop

xavier

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4453
  • Karma: 161
    • Tech To The People
  • CiviCRM version: yes probably
  • CMS version: drupal
Re: Authentication through the api
July 12, 2013, 09:19:49 am
The authentication isn't done in the api with the login pwd but by the CMS. check out with your cms how to do it and once you got the session cookie, you're all good.

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result

totten

  • Administrator
  • Ask me questions
  • *****
  • Posts: 695
  • Karma: 64
Re: Authentication through the api
July 12, 2013, 09:20:57 am
This sounds somewhat similar to what CiviMobile needs to do. It's basically implemented as a separate webapp (with mostly JavaScript, HTML, and the Civi API), and it provides its own login form. Of course, it's packaged/distributed as a CiviCRM extension, so it can do some PHP code -- which allows it to cheat and handle authentication by other means. I'm not familiar with all the details of their approach, but this seems to be the relevant code:

https://github.com/webaccess/com.webaccessglobal.module.civimobile/blob/master/code/civimobile.login.html

FWIW, in previous releases, it was possible to submit a username & password to the REST API, get back a PHPSESSID, and then submit the PHPSESSID. However, the feature regressed somewhere in the 4.3.x release process -- which is understandable because it didn't have test-coverage or an active maintainer. (See, e.g., http://forum.civicrm.org/index.php/topic,28517.0.html ). If someone wants to reintroduce this feature -- to write a cleaner implementation and unit-tests (along the lines of https://github.com/civicrm/civicrm-core/blob/master/tests/phpunit/WebTest/Utils/RestTest.php ) -- then it would be quite welcome. :)

xavier

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4453
  • Karma: 161
    • Tech To The People
  • CiviCRM version: yes probably
  • CMS version: drupal
Re: Authentication through the api
July 12, 2013, 09:56:58 am
Secure authentication is hard, it should be robust to brute force attack for instance. Not saying that the CMS does implement it, but at least if it fails, it isn't civi fault.

I wouldn't be keen either for instance of a login/pwd working over GET, already not a big fan of providing an alternative to the login system of the CMS.

So if you could work with the CMS login system, I think it'd save you a lot of time.

Authentication is hard, let's go shopping.

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Authentication through the api

This forum was archived on 2017-11-26.