Is it possible to authenticate from outside?

Yaro

Member
There is REST API to create new / update existing user in Xenforo from your application. But is it possible to authenticate user on Xenforo using your application?.. I.e. - raw clean ("New Private Window") user authenticates on my site.com and I am also (somehow) authenticate him on Xenforo as well. Is it easy? Do I need to have both my app (where login happens) and Xenforo to live on same domain? Thanks!
 

dknife

Well-known member
There's an auth endpoint on the API that allows you to test a username/password combination but if you want to integrate the actual user information into a site outside of XenForo you really have to be on the same server and bring in XenForo's structure into your site. I've been using XF for user auth and profile for years now on my site outside of the forums and doing it for XF2 now as well on dev.

As for the domain it will likely require the same as it will be pulling cookie/session information from whatever is configured for XenForo. I don't know enough about how XF works with cookies and CORS to really comment.
 

Yaro

Member
I have my own users' DB and want to keep it like this, what I want is for my users to be able to use forums to talk. For this purpose I need (1) to be able to push/update User entity from my site to XF2 (that is doable via REST) and (2) to authenticate users on XF whenever they authenticate on my site.

I want to turn off any user management routines like passwords changes, email changes, etc on XF. This will be done only on my site. What you are suggesting is something opposite - i.e. use XF's user management routines for my main site which I don't want.

Thanks!
 

dknife

Well-known member
I believe XenForo has an external auth framework which is used for Google/Twitter/Facebook login and there are some addons which hook into other resources as well, like OAuth which you could implement on your site. So... possibly? I only have experience in hooking into XFs auth, not the other way around sorry.
 

Yaro

Member
well, that is number #1 for me in order make XF usable on my site :(

To re-phrase my question with example:
- I have running live site at "mysite.com"
- that site has its own userbase with all the details (emails, passwords, etc)
- I will have no problems syncing userbase from mysite.com (master) to XF (slave) and probably just resetting passwords in the process...
- I need to understand if I will be able to authenticate users on XF (slave) when they fill-in login form on mysite.com

if doable it should be probably something like this:
// on successful login
...
include someXFinjector.php
XF->authAsUser('username123');
...
// -------

or maybe via JWT in cookie? (that would require shared domain though but I can handle that I guess)

anyone? tx
 

dknife

Well-known member
Yes I believe you can do that. Depends if you really really need to handle the login outside of the forum or not. On my site I have the login/register link in the menu outside of the forum so any page the user is on they're able to click the login which takes them to the standard XenForo login page. Once authenticated, XF will automatically return them to the referrer page.

If you want to handle it within your own form or in an AJAX handler, there is some sample code posted by members here achieving auth within the XF framework outside of the forum itself.
 
Last edited:

Tracy Perry

Well-known member
And this would have been be a great question for the staff members to solve, instead of the XF customers do the customer support job for them.
Well, I'd agree that it might be a great one to solve... IN THE RIGHT AREA.
The correct response for here would have been:
No, it's not possible.
Yes, it's possible, but detailed assistance is provided in the appropriate area <insert link to area here>.
And it does NOT take an XF developer to answer that.
And it's not unusual if the script does not work as needed for XF to refund the purchase as long as it's justified, unlike most other script developers.

You see, technical help is RARELY provided in a pre-sales area.... and it looks like he DID get an answer, the first one after his post. It simply wasn't at the detail level he wanted/needed to perform what he was doing.. again, which would be NORMAL in a pre-sales question area.
And to top it off... nowhere are you guaranteed XF Developer support in the forum. If you need support, you submit a ticket. Been that way since I got my first license back in 2012. It was a COURTESY that developers did respond in the forum... The forum has ALWAYS been targeted towards fellow license holder support. It was one of the things I liked about it over IPS... IPS didn't want ANY real support done in their forum, and insisted on tickets. And most of their forum participants weren't able to answer any technical questions because they were not, in reality, a system administrator, they were simply a manager.
 
Last edited:
Top