1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best approach for custom Authentication

Discussion in 'XenForo Development Discussions' started by LennardF1989, Jul 11, 2013.

  1. LennardF1989

    LennardF1989 Member

    Hello all,

    I'm migrating a phpBB3 forum to XenForo. The phpBB3 forum uses an external login page to sign the user in. It works somewhat like this:
    - User clicks "login" and gets redirected to a portal to provide his credentials.
    - If the credentials are valid the user is redirected back to forums authenticate.php passing along a sessionTicket.
    - The sessionTicket is validated using an external API call. If it's valid, an account is either created or the user gets logged in.

    I came across the Kotomi script, as well as the REST XenForo API and understand how they work, I was just wondering, is there a better approach to this? Are there hooks in place? Controllers I can extend to do it more gracefully in a XenForo accepted way, perhaps through an add-on?

    Any pointers would be very appreciated as the amount of features available on this forum system is very overwhelming due to the lack of clear documentation.

  2. tyteen4a03

    tyteen4a03 Well-Known Member

    I'm confused - is the actual user table accessible by you, or by APIs like OAuth only?
  3. LennardF1989

    LennardF1989 Member

    When validating the sessionTicket, the API responds a special key to me which I can use in another API call to request user information on which basis I can either create an internal forum account or login an existing one.

    EDIT: It's not OAuth or whatever, it's a very simplistic in-house system which does exactly as I described: Tell you - by validating the recieved sessionTicket with an API call - which user logged in.
    Last edited: Jul 11, 2013

Share This Page