Community Auth: Api alike login

I have actually a project where i want to set a url like this index.php/api/login
after some hours of read through the documentation, i found how the login method is done still not understand it at all, but if there's any pre-built-in function which would help me to do the next job:
1. user submit a forms with the password and email.
2. backend process it and check the database and return a login token which will be created and stored in a table (for the moment/testing, it should return the user's data then dont worry about this), this as a json object.

After some testing with the documentation examples i got this controller.

PHP Code:

class Api extends MY_Controller {
    public function __construct() {
        parent::__construct();
        $this->load->model( 'my_user_model' );
        $this->load->library('form_validation');
        $this->form_validation->set_error_delimiters('<label class="error-red">', '</label>');
    }

    public function login(){
        $CI =& get_instance();
        $_POST['login_token']=$CI->tokens->token();
        if ( $this->verify_min_level(1) ){
            $userID = $this->auth_user_id;
            $user_data = $this->my_user_model->get_user_data( $userID );

            echo json_encode($user_data);
        } elseif ( $this->tokens->match && $this->optional_login() ) {


        } else {
            //we add a value to the login_token
            $this->setup_login_form( TRUE );
            print_r($_POST);

        }

    }
} 


But i always get the print_r($_POST) output, I still not understanding very well how the login process is handled also about the my_user_model functions, is a set of cuntions made to retrieve some custom data from tables.

Also the Form is

Code:

<form action="index.php/api/login" method="post">
   <label>
       Email:
   </label>
   <input id="login_string" name="login_string" type="text" />
   <label>
       Password:
   </label>
   <input id="login_pass" name="login_pass" type="password" >
   <input id="login_button" type="submit" value="login" />
</form>

While there is not login_token hidden input, because it will be added in a static site, which wont be able to retrieve a token its generated and inserted in the form like you can see in the controller code.

Any help is great.

First, it seems that you are aware of the missing login token, and you will definitely need it to be able to login. I think you are perhaps misunderstanding the use of the tokens library. You should just consider the tokens the same as usage for CI CSRF tokens. I just happen to like the way mine works better.

Next, your usage of the tokens in your controller is flawed. The reason for this is that $CI->tokens->token() creates a new token, which you are applying to $_POST['login_token']. This will never work, because the freshly generated token will never match the one that was supposed to be generated and submitted for the login attempt. Also, in theory what you are trying to do is to circumnavigate proper token usage, which defeats the benefits of using them in the first place.

Next, if you want to return all of the user's data as a json object, that's just something that you would do with CI, and doesn't really have anything to do with CommunityAuth (unless you want this data available on every request). If you do want the data available on every request, you should read the blog post on the Community Auth website that addresses user profiles. It will give you some hints as to extending Community Auth to allow for customization of the auth data (and make profile data availiable).

So, check here first:
http://community-auth.com/blog-posts/int...r-profiles

Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3

After many time playing, i achieved what i was looking for, first i dropped the use of a optional login, and used the normal logging method which worked well, the use of the injected token worked also, i just wanted to use community auth as the auth provider for this "api" and achieved it like this:

first i changed the LOGIN_PAGE constant to be something like this api/failed <-- if the login attemps is failed of there is not login at all (which is detected with a token which is provided in the login) you will be redirected to this page where a code error is shown.

the the in the route for LOGIN_PAGE i have something like this api/bad_login
where the code print the error code resides.

in the login controller i have this:

PHP Code:

public function login(){
        if( $this->verify_min_level( 1 ) ){
            $userID=$this->auth_user_id;
            $salt_bytes = openssl_random_pseudo_bytes(16);
            $salt_hex = bin2hex($salt_bytes);

//some code which is the final verion of the code there

//this is encripted in client side
            echo json_encode( $new_user_data );

        }
//this makes community auth work in this "api" mode
        $CI =& get_instance();
        $_POST['login_token']=$CI->tokens->token();

        if( strtolower( $_SERVER['REQUEST_METHOD'] ) == 'post' )
        {
            $this->require_min_level(1);
        }

        $this->setup_login_form();

    }

    public function bad_login(){
        //functions to output errors...
//...
    } 


And that made it works, then in the pages to update the user info, the client provides the login token and the UUID and email in case of match it access is granted, if case of missmatch(also in partial matches, this mean if email matches but login not or token not, and same for all other data ) access is denied and all the tokens emails and UUID related to that device are deleted form database and client proceed to delete all the saved(encrypted info) and redirect to the login (static page) in client