Is it possible to authenticate from outside?

yar

There is a REST API to create a new user or update an existing one in XenForo from your application. But is it possible to authenticate a user on XenForo using your application? I.e., a raw clean ("New Private Window") user authenticates on my site.com and I also (somehow) authenticate him on XenForo as well. Is it easy? Do I need to have both my app (where login happens) and XenForo live on the same domain? Thanks!
 
There's an auth endpoint on the API that allows you to test a username/password combination but if you want to integrate the actual user information into a site outside of XenForo you really have to be on the same server and bring in XenForo's structure into your site. I've been using XF for user auth and profile for years now on my site outside of the forums and doing it for XF2 now as well on dev.

As for the domain it will likely require the same as it will be pulling cookie/session information from whatever is configured for XenForo. I don't know enough about how XF works with cookies and CORS to really comment.
 
I have my own users' DB and want to keep it like this, what I want is for my users to be able to use forums to talk. For this purpose I need (1) to be able to push/update User entity from my site to XF2 (that is doable via REST) and (2) to authenticate users on XF whenever they authenticate on my site.

I want to turn off any user management routines like passwords changes, email changes, etc on XF. This will be done only on my site. What you are suggesting is something opposite - i.e. use XF's user management routines for my main site which I don't want.

Thanks!
 
I believe XenForo has an external auth framework which is used for Google/Twitter/Facebook login and there are some addons which hook into other resources as well, like OAuth which you could implement on your site. So... possibly? I only have experience in hooking into XFs auth, not the other way around sorry.
 
Well, that is number #1 for me in order to make XF usable on my site :(

To re-phrase my question with example:
- I have running live site at "mysite.com"
- that site has its own userbase with all the details (emails, passwords, etc)
- I will have no problems syncing userbase from mysite.com (master) to XF (slave) and probably just resetting passwords in the process...
- I need to understand if I will be able to authenticate users on XF (slave) when they fill-in login form on mysite.com

if doable it should be probably something like this:
// on successful login
...
include someXFinjector.php
XF->authAsUser('username123');
...
// -------

or maybe via JWT in cookie? (that would require shared domain though but I can handle that I guess)

anyone? tx
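
The signed-cookie idea raised in the post above (a JWT readable by both sites on a shared parent domain), as an added example that is not part of the thread and not XenForo code. The secret, the cookie name and the `.mysite.com` scope are assumptions, and turning the verified username into a XenForo session is left out because the thread does not show that API.

```php
<?php
// Added example, not XenForo code. SSO_SECRET, SSO_TTL, the cookie name
// "sso_token" and the ".mysite.com" cookie scope are assumptions.
const SSO_SECRET = 'constructed-placeholder-use-32-random-bytes';
const SSO_TTL = 60; // seconds; only has to survive the redirect to the forum

function b64u(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64u_dec(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}
function sso_issue(string $username, int $now): string {
    $head = b64u(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64u(json_encode(['sub' => $username, 'exp' => $now + SSO_TTL]));
    return "$head.$body." . b64u(hash_hmac('sha256', "$head.$body", SSO_SECRET, true));
}
// Returns the username, or null for any malformed, forged or expired token.
function sso_verify(string $token, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    // The MAC is always HMAC-SHA256 and is checked before the JSON is parsed.
    $want = b64u(hash_hmac('sha256', "$head.$body", SSO_SECRET, true));
    if (!hash_equals($want, $sig)) return null;
    $h = json_decode(b64u_dec($head), true);
    $c = json_decode(b64u_dec($body), true);
    if (!is_array($h) || ($h['alg'] ?? null) !== 'HS256') return null;
    if (!is_array($c) || !is_string($c['sub'] ?? null)) return null;
    if (!is_int($c['exp'] ?? null) || $now >= $c['exp']) return null;
    return $c['sub'];
}

// mysite.com side, after its own login check has succeeded:
$token = sso_issue('username123', time());
if (PHP_SAPI !== 'cli') {
    setcookie('sso_token', $token, ['expires' => time() + SSO_TTL, 'path' => '/',
        'domain' => '.mysite.com', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}
// Forum side: accept the cookie only if it verifies.
[$h, , $s] = explode('.', $token);
$forged = "$h." . b64u(json_encode(['sub' => 'admin', 'exp' => time() + SSO_TTL])) . ".$s";
var_dump(sso_verify($token, time()));          // genuine token
var_dump(sso_verify($forged, time()));         // body swapped, signature reused
var_dump(sso_verify($token, time() + 3600));   // replayed after expiry
```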
 
Yes I believe you can do that. Depends if you really really need to handle the login outside of the forum or not. On my site I have the login/register link in the menu outside of the forum so any page the user is on they're able to click the login which takes them to the standard XenForo login page. Once authenticated, XF will automatically return them to the referrer page.

If you want to handle it within your own form or in an AJAX handler, there is some sample code posted by members here achieving auth within the XF framework outside of the forum itself.
 
And this would have been a great question for the staff members to solve, instead of the XF customers doing the customer support job for them.
Well, I'd agree that it might be a great one to solve... IN THE RIGHT AREA.
The correct response for here would have been:
No, it's not possible.
Yes, it's possible, but detailed assistance is provided in the appropriate area <insert link to area here>.
And it does NOT take an XF developer to answer that.
And it's not unusual if the script does not work as needed for XF to refund the purchase as long as it's justified, unlike most other script developers.

You see, technical help is RARELY provided in a pre-sales area.... and it looks like he DID get an answer, the first one after his post. It simply wasn't at the detail level he wanted/needed to perform what he was doing.. again, which would be NORMAL in a pre-sales question area.
And to top it off... nowhere are you guaranteed XF Developer support in the forum. If you need support, you submit a ticket. Been that way since I got my first license back in 2012. It was a COURTESY that developers did respond in the forum... The forum has ALWAYS been targeted towards fellow license holder support. It was one of the things I liked about it over IPS... IPS didn't want ANY real support done in their forum, and insisted on tickets. And most of their forum participants weren't able to answer any technical questions because they were not, in reality, a system administrator, they were simply a manager.
 
If it’s that easy to answer, how about answering his question? Come on Ivan… be a little helpful instead of telling me off! 😂
Well, as mentioned... for as long as I've been a license holder (a decade) policy is help (specifically detailed) is not provided in the pre-sales question area. Getting a detailed answer is frequently addressed by either staff upon occasion or more frequently other users in an area that license holders can request support in.
Seems that way too many people that are using pirated copies come either here, in the bug reports area or the off-topic area looking for help.
That's why you will frequently see posts closed with the suggestion to link their account to their license.
The OP is a license holder and has successfully posted in areas that would be more likely to get him an answer. In fact, pretty sure he posted a very similar question in the development area. The forums have never been the "official support channel", but peer->peer.
 
Well, this is a solid answer! Maybe XF could try a new licensing model that provides more in-depth support for people that need it and don’t want to depend on the community. Might also give an extra boost to XF’s revenue. For an x amount of $$ you get an x amount of extra support cases, instead of a default of, let’s say, 2 cases or so.

Okta.com has a similar model. They give 3 support cases for free, and you can buy additional ones which provide also more in-depth support.
 
Well, this is a solid answer! Maybe XF could try a new licensing model that provides more in-depth support for people that need it and don’t want to depend on the community
Keeping a current license gives you unlimited tickets. I doubt that they would want the hassle of billing based upon per ticket instances for those with an inactive license, and honestly, the actual cost would probably approach what a yearly renewal would amount to.
 