Community Auth for mobile login
#1

I've been using Community Auth for CodeIgniter 2.2.0 for many years to manage users in my CI website. 

I now have a mobile app, and I've been trying to use Community Auth to manage user registration, login and access to website content.

To begin I cloned the user.php controller (renamed to mobile.php) and send a username and password to a modified version of the login function:


Code:
if( strtolower( $_SERVER['REQUEST_METHOD'] ) == 'post' )
{
    $this->require_min_level(1);
}

The problems I've encountered seem to come from two sources:
1) UI rerouting to a login page. Since there are no html pages for a mobile device I can't seem to figure out a way to override this and replace webpage output with a json encoded message. (i.e. define('LOGIN_PAGE', 'login');)
2) form_token. It seems Community Auth is looking for a form_token, however I have no idea where this is coming from or how to use it. 


It may not be possible to have mobile access co-exist with my traditional html form based login, so I've been thinking I might have to clone MY_Controller & Authentication.php to meet my needs. But before doing this I thought I'd see if there is an alternate approach, or find out if it can even be done.

BTW: I was able to create a mobile login a few years ago using DX Auth.
Thanks
Reply
#2

It is interesting to hear about what you are doing. To be clear, it sounds like you are not using CI for web pages that are output to a browser, but rather some other output (json) sent to an app. Honestly, I've got no experience with making apps in this manner, if that is what you are doing. I don't think I could help unless I was able to reproduce your development environment. And also, to make things worse, development of the old version of Community Auth has stopped, and I'm now upstream by 122 commits on the new version!

LOGIN_PAGE is just the URI of your login page, and if your app has a place like that, that's where you want to send users to login. It sounds like you will require some hacking of Community Auth to get around that one.

The form token that is generated is similar to CodeIgniter's CSRF token. A posted form token, generated by the tokens library, must match one placed in the tokens cookie, or the login is denied.

BTW, Community Auth for CI3 is very much improved when compared to the old version. You probably have reasons for not switching, but if you get the chance to play around with it, I know you'd see the value. One of the biggest changes is that Community Auth no longer comes with the example application, and another big feature is that you can use multiple sessions without losing session security checks. This is pretty handy, because many people are connecting to the internet on multiple devices.

I have a feeling that if I made changes to Community Auth for people who wanted an AJAX type login, then some of your problems would be solved. This is on the to do list for the new version. Maybe (just maybe), I'll start working on this tomorrow.
Reply
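
Added example, not part of the thread and not Community Auth's own code: the cookie-versus-POST token match described in post #2, sketched in plain PHP (7.0 or later), showing what a client with no HTML form has to send back. The function names and the use of form_token as the cookie name are assumptions, and arrays stand in for $_COOKIE and $_POST.

```php
<?php
// Added illustration of a double-submit form token. All names are
// hypothetical; this is not Community Auth's tokens library.

/** Issue a token: the same value goes into a cookie and into the response body. */
function issue_form_token(array &$cookies): string
{
    $token = bin2hex(random_bytes(32));  // 256 bits from the CSPRNG
    $cookies['form_token'] = $token;     // stands in for setcookie()
    return $token;                       // the client must echo this in its POST
}

/** Accept the login POST only if the posted token equals the cookie's token. */
function form_token_valid(array $post, array $cookies): bool
{
    $posted = $post['form_token'] ?? null;
    $cookie = $cookies['form_token'] ?? null;

    // Missing values and array-typed parameters (form_token[]=x) are rejected
    // before comparison, so a type error can never count as a match.
    if (!is_string($posted) || !is_string($cookie) || $cookie === '') {
        return false;
    }
    return hash_equals($cookie, $posted);  // constant-time comparison
}

// Constructed requests for the example.
$cookies = [];
$token   = issue_form_token($cookies);   // step 1: client fetches a token

$requests = [
    'no token posted'    => ['login_string' => 'alice'],
    'array-typed token'  => ['login_string' => 'alice', 'form_token' => ['x']],
    'wrong token value'  => ['login_string' => 'alice', 'form_token' => str_repeat('0', 64)],
    'token echoed back'  => ['login_string' => 'alice', 'form_token' => $token],
];

// step 2: client posts credentials plus the token, cookie attached
foreach ($requests as $label => $post) {
    echo $label, ': ', form_token_valid($post, $cookies) ? 'accepted' : 'denied', PHP_EOL;
}
```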
#3

I'm more curious about this now, having thought about it, and realized I'm not sure I know what all of the objectives are to have authentication via AJAX or some other alternative. It's obvious that there would be a form where the user puts in their email address and password, but here's what I'm wondering about:

1) If the login attempt fails, is it enough to send back some JSON that says the attempt failed?

2) If the login attempt is successful, what exactly should be included in JSON that is sent back?

If an AJAX type authentication makes its way into Community Auth, it'll probably just be an API type request/response with of course cookies/session being set. What do you think? What would you like to have happen?
Reply
#4

You are correct, I am not using CI to display webpage content, just a json response. From within the app I can create a POST, identical in many ways to a form post, then the app creates the UI based upon the json response from CI.

Since Community Auth routes login attempts back to the html login page I could not figure a way to override this process without affecting the normal html login.

To get around this I manually implemented parts of your Authentication.php library into a mobile controller. The login function runs the standard CI form validation and then performs the authentication functions:

Code:
// Default JSON response, overwritten below
$response = array(
    "success" => 0,
    "message" => 'Test Response'
);

$this->load->model('Auth_model');
$login_string = $this->input->post('login_string');
$login_pass   = $this->input->post('login_pass');

/**
 * Validate the posted username / email address and password.
 */
$this->load->library('form_validation');
$this->config->load( 'form_validation/auth/login' );
$this->form_validation->set_rules( config_item('login_rules') );

if( $this->form_validation->run() !== FALSE )
{
    // Get user table data if username or email address matches a record
    if( $auth_data = $this->auth_model->get_auth_data( $login_string ) )
    {
        // Confirm user
        if( ! $this->_user_confirmed( $auth_data, 1, $login_pass ) )
        {
            // Same message for unknown user and wrong password
            $response["message"] = "Login failed! Incorrect username or password";
        }
        // ... (remainder of the login handling is not shown in the post)
    }
}


Now I need to see if I can maintain a login while accessing controller functions that use something like:

if( $this->require_min_level(1) )

It is indeed a hack, while I ponder a better solution.

BTW: I have a control version of Community Auth for CI3 under evaluation for the next major revision of this CI Project.

Thanks for the alacrity in responding to my question.
Reply
#5

You're on the right track by creating the mobile controller, and I think the output generated by Community Auth could be a rather simple fix.

I was thinking of a bunch of elaborate solutions, but even the following simple code might produce the output you need to log somebody in with a json response (not tested):


PHP Code:
public function ajax_login()
{
  // optional_login() attempts the login without redirecting to LOGIN_PAGE
  if( $this->optional_login() )
  {
    echo json_encode( array(
      'user_id' => $this->auth_user_id,
      // ....
    ));
  }
  else
  {
    echo json_encode( array(
      'error' => TRUE,
      // ....
    ));
  }
}



This isn't complete of course, but I think you can see where it leads. Checking for role type or other things could be done and indicators sent with the response.

I'm going to try to work on a more full featured API type login for Community Auth for CI3. Look for that in a commit coming in the near future, and perhaps you can implement it for your application.
Reply
#6

Commits on Community Auth for CI3, made last night and this morning, now show a working example of AJAX type login. Please take a look at it, as it will probably show you what it takes to make the login work for the older version of Community Auth.

One thing that I'm wondering is about the level of trust that you have when doing something on a successful AJAX login. For instance, if the login was good, you would have your JS do something, but what's keeping the site visitor from just opening up their console and doing the same JS manually?

I know in your case you would have an app, and it may not even be JS you are dealing with. Hope these commits help you.
Reply
#7

(01-24-2016, 10:10 AM)skunkbad Wrote: Commits on Community Auth for CI3, made last night and this morning, now show a working example of AJAX type login. Please take a look at it, as it will probably show you what it takes to make the login work for the older version of Community Auth.

One thing that I'm wondering is about the level of trust that you have when doing something on a successful AJAX login. For instance, if the login was good, you would have your JS do something, but what's keeping the site visitor from just opening up their console and doing the same JS manually?

I know in your case you would have an app, and it may not even be JS you are dealing with. Hope these commits help you.

Once the app receives an appropriate json response it would display the data requested. For example on login the app would display a user dashboard. Functions in the dashboard will call various functions in the mobile controller, each function will need to verify the user is logged in.
Reply
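
Added example, not part of the thread and not Community Auth's own code: the per-call login check discussed in posts #6 and #7, where every mobile controller function re-checks the server-side session and answers with a status code and JSON instead of redirecting to LOGIN_PAGE. The action names, auth levels and session fields are assumptions; plain PHP 7.1 or later.

```php
<?php
// Added illustration; function names, levels and actions are hypothetical.

/** Minimum auth level required per mobile action (constructed for the example). */
const ACTIONS = [
    'dashboard'    => 1,
    'admin_report' => 9,
];

/**
 * Gate one API call. Returns [HTTP status, JSON body] and never redirects,
 * so a client without a login page still gets a machine-readable answer.
 */
function handle_api_call(string $action, ?array $session): array
{
    if (!array_key_exists($action, ACTIONS)) {
        return [404, json_encode(['error' => 'unknown action'])];
    }
    // Only server-side session state is consulted. An earlier "login OK"
    // JSON reply gives the client nothing it can replay to skip this check.
    if ($session === null || empty($session['user_id'])) {
        return [401, json_encode(['error' => 'login required'])];
    }
    if ((int) ($session['auth_level'] ?? 0) < ACTIONS[$action]) {
        return [403, json_encode(['error' => 'insufficient level'])];
    }
    return [200, json_encode(['user_id' => $session['user_id'], 'action' => $action])];
}

// Constructed sessions, as the server would load them from the session cookie.
$anonymous = null;
$member    = ['user_id' => 42, 'auth_level' => 1];

$calls = [
    ['dashboard',    $anonymous],  // not logged in
    ['dashboard',    $member],     // logged in, level sufficient
    ['admin_report', $member],     // logged in, level too low
    ['no_such_call', $member],     // action not in the map
];

foreach ($calls as [$action, $session]) {
    [$status, $body] = handle_api_call($action, $session);
    echo $action, ' -> ', $status, ' ', $body, PHP_EOL;
}
```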



