Trying Prebinding converse.js with php to an openfire server - php

So I have a web site where you can login with a username and a password and I would like that with that one login, a session could be generated for converse.js
I've been reading the documentation and the SSO Support and I ended in an example repo for prebinding with php. link
I prepared an object which should be the model I'll call from my controller, but there are some parameters I'm not sure what they are.
$xmppPrebind = new XmppPrebind('your-jabber-host.tld', 'http://your-jabber-host/http-bind/', 'Your XMPP Clients resource name', false, false);
$xmppPrebind->connect($username, $password);
$xmppPrebind->auth();
$sessionInfo = $xmppPrebind->getSessionInfo(); // array containing sid, rid and jid
The 3rd parameter on the XmppPrebind Constructor 'Your XMPP clients resource name' what is that?
Also when doing the connect function the parameters $username and $password...are those the ones I get from my login form (the one on my website) or some valid user & password pair on the openfire server?

'Your XMPP Clients resource name' = Any name you want, example: myWebChat
"Also when doing the connect function the parameters $username and $password...are those the ones I get from my login form (the one on my website) or some valid user & password pair on the openfire server?" Use prebind to make users autologin to your xmpp server when they log in to your website, so the account must be valid on the xmpp server.

$sessionInfo will have sid rid and jid. Third parameter will be added to jid. You will get something like:
"you@conference.conversejs.orgYour XMPP Clients resource name"
So just set it empty.
I guess only first or third parameters should be set, not both in one time.

Related

RESTful service - using Phil Sturgeon Rest Server : Logic / function for validating the users with their username and password?

I'm writing a simple RESTful service, using Phil Sturgeon Rest Server. Can anyone provide me a solution for login using username and password? I am able to get all the json response without login.
Problem 1 : $config['rest_auth'] = 'basic';
An Error Was Encountered
The configuration file ldap.php does not exist.
The same happens with $config['rest_auth'] = 'digest';
I haven't used "ldap" earlier and don't know how it works apart from a few basic information. So could you please tell me what could be the reason for this error ?
Tried out Solutions
I changed the value of $config['auth_source'] = 'ldap'; to $config['auth_source'] = ''; , Now REST Login Usernames are working for both basic and digest , ie;
$config['rest_auth'] = 'basic'; or $config['rest_auth'] = 'digest';.
$config['rest_valid_logins'] = ['admin' => '1234','sudheesh'=>'test'];
Prevailing issue : unable to use session for authentication
Tried the commented notes from Phil Sturgeon ie;
Note: If 'rest_auth' is set to 'session' then change 'auth_source' to
the name of the session variable
How the session is created in MODEL, it is here :
if ($query->num_rows() == 1) {
    // If there is a user, then create session data
    $row = $query->row();
    $data = array(
        'id' => $row->id,
        'name' => $row->full_name,
        'email' => $row->email,
        'phone' => $row->phone,
        'acc_status' => $row->rec_status,
        'validated' => true
    );
    $this->session->set_userdata($data);
    //$this->session->set_authkey('1e957ebc35631ab22d5bd6526bd14ea2');
    //print_r($data);
    return $data;
}
Question is : How can I change the 'auth_source' to
the name of the session variable ,
Right now it is $config['auth_source'] = ''
Do I have to change it to $config['validated']? If I do this I am not getting access. I have read here that:
If you're tying this library into an AJAX endpoint where clients
authenticate using PHP sessions then you may not like either of the
digest nor basic authentication methods. In that case, you can tell
the REST Library what PHP session variable to check for. If the
variable exists, then the user is authorized. It will be up to your
application to set that variable. You can define the variable in
$config['auth_source']. Then tell the library to use a php session
variable by setting $config['rest_auth'] to session.
Is there any suggestions ?
Problem 2 : How can I grant API access to users with a valid username and password ?
Can anyone provide me with a function or detailed information on how to implement this ?
Other Doubts :
$config['rest_valid_logins'] = ['admin' => '1234'];
The description for this 'REST Login Usernames' says if ldap is configured this is ignored.
Question : How can I use this Array of usernames and passwords for login, without configuring LDAP.
REST Login Class and Function
This says, If library authentication is used define the class and function name.
The function should accept two parameters: class->function($username, $password).
In other cases override the function _perform_library_auth in your controller.
For digest authentication the library function should return already a stored md5(username:restrealm:password) for that username.
e.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2'
$config['auth_library_class'] = '';
$config['auth_library_function'] = '';
Question: Can I use this to allow users with a valid username and password to access the API ? If Yes , Do you have any functions already written to help in this scenario , any help would be highly appreciated. Thank you very much .
If you know answers for any of my issues, please help. Thanks again.
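For the `auth_library_class` / `auth_library_function` settings quoted in the question, one way to check a username and password against stored hashes instead of plaintext `rest_valid_logins` entries. This is an added example, not code from the REST server project: the class name `Api_auth`, the method `login`, the sample user, the `'library'` value for `auth_source`, and the assumption that digest mode calls the function with `$password === true` are all assumptions.

```php
<?php
// Added example: application/libraries/Api_auth.php (hypothetical name).
// Assumed settings in config/rest.php to route logins through this class:
//   $config['auth_source']           = 'library';
//   $config['auth_library_class']    = 'api_auth';
//   $config['auth_library_function'] = 'login';

class Api_auth
{
    const REALM = 'REST API'; // must equal $config['rest_realm']

    private $users;     // username => ['hash' => ..., 'ha1' => ...]
    private $dummyHash; // verified against when the username is unknown

    public function __construct()
    {
        // Constructed sample record; a real application loads this from its
        // users table, where 'hash' was written once with password_hash().
        $this->users = [
            'admin' => [
                'hash' => password_hash('1234', PASSWORD_DEFAULT),
                'ha1'  => md5('admin:' . self::REALM . ':1234'), // digest only
            ],
        ];
        $this->dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    // Basic auth: returns true or false.
    // Digest auth: assumed to be called with $password === true, in which
    // case the stored md5(username:realm:password) is returned instead.
    public function login($username, $password)
    {
        $known = is_string($username) && isset($this->users[$username]);

        if ($password === true) {
            return $known ? $this->users[$username]['ha1'] : false;
        }
        if (!is_string($password)) {
            return false;
        }
        // Always run one password_verify() so an unknown username costs the
        // same time as a wrong password.
        $hash = $known ? $this->users[$username]['hash'] : $this->dummyHash;
        return password_verify($password, $hash) && $known;
    }
}

// Stand-alone check from the command line, outside CodeIgniter.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $auth = new Api_auth();
    var_dump($auth->login('admin', '1234'));   // correct password
    var_dump($auth->login('admin', 'wrong'));  // wrong password
    var_dump($auth->login('nobody', '1234'));  // unknown user
    var_dump($auth->login('admin', true));     // digest: stored HA1
}
```

The digest value is password-equivalent for its realm, so it needs the same protection at rest as the password hash.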
Rather than attempt to address every single question posted by Sudheesh, I would like to propose an alternate solution.
Disclaimer: This is a commercial Joomla plugin, so please keep that in mind before proceeding...
Having experienced the same challenge as yourself, I ended up building a RESTful API framework for Joomla, powered by the Slim PHP micro-framework. This allowed me to leverage all the power of Slim, including its standards-compliant routing architecture, request-type handling and much, much more. This also solved the problem of dealing with authentication, access control, content management, database access, etc. because it runs on the Joomla CMS & Platform framework.
This solution provides exactly what you are looking for, easily extensible through plugins and is built on an already popular and well support RESTful API framework (Slim).
For more information on the micro-framework I used:
http://slimframework.com
For more information on the Joomla RESTful API package:
http://getcapi.org
What does it provide?
Control Panel for managing access tokens, API rate limitation and other Slim parameters
Pluggable framework allowing for easy incorporation of new web service routes (include new ones to be released soon, for MySQL, MSSQL, LDAP, etc.)
Based on Joomla. This means you don't have to worry about writing the authentication, access control, content management or other framework. It's already done!
Examples of how username and password can be passed through to create a logged in session via a URL request:
GET user/login/:username/:password
"User login authentication via Joomla authentication plugins with username and password. Note that since credentials are passed into the URL, be aware that they can be stored in server logs. API traffic must traverse a secure (HTTPS) connection."
Response: JSON
Example request:
GET https://yourdomain.com/api/v1/user/login/dynus.borvalds/3jf9LfjNdiw
Example response:
{"msg": "Authenticated","jresponse": true,"session":"1a36eab5e2b102a979918ee049f15e27","error": false,"status": 200}
The session ID can then be used to force log-out for that session using the method:
GET user/logout/:user/:session
Hope this gets you pointed in the right direction. Let me know if you have any questions.

Create a user in Attask via REST API v3

When I try to POST user creation request it requires username and password to authenticate, but then I need to provide username for the new user. I can't understand how to write correct request for my task.
I'm using StreamClient.php, when I try to create a user I need to send post request:
$client->post('user', array('username' => $user, 'firstname' => $f, 'lastname' => $l));
If someone could provide a working example, it would be very helpful.
Don't use username for the new user. You would use "emailAddr"
Try this:
YOURDOMAIN.attask/api/user?updates={"emailAddr":"test@test.com","password":"userpassword"}&method=post&username=USERNAME&password=PASSWORD
or if that does not work and you are using the StreamClient.php
You should be logging in not in the same POST. For Example you would login:
$login = $client->login('LOGIN_USERNAME', 'PASSWORD');
Look at the StreamClientSample.php, around line 37 //login. developers.attask.com/api-docs/code-samples
Let me know if that helps
You will need to create an admin session first by making a POST method call. You will get a sessionID in the response.
Include the session id sessionID= to the user POST method you are making. You will also need to supply firstName or lastName. The user will be created, but not activated at this point.
You will then need to create a user token for the new user by executing restful call to api/user/assignUserToken by supplying the new user id (.../api/user/assignUserToken?id=).
Use the token to complete the user registration process by making PUT call to .../api/user/completeUserRegistration by supplying the user information and the token.

Can we get email ID from Twitter oauth API?

How to get email id of the user who accepted my Twitter application?
I have gone through lot of forums. But they have mentioned, it is not possible. Also those posts are older than a year. May I know whether it is possible to get the user email id through twitter API using PHP?
I am getting Twitter user details using the following URL:
https://api.twitter.com/1.1/account/verify_credentials.json
This is now possible by filling out a form to request elevated permissions:
Go to https://support.twitter.com/forms/platform
Select "I need access to special permissions"
Enter Application Name and ID. These can be obtained via https://apps.twitter.com/ -- the application ID is the numeric part in the browser's address bar after you click your app.
Permissions Request: "Email address"
Submit & wait for response
After your request is granted, an additional permission setting is added in your twitter app's "Permission" section. Go to "Additional Permissions" and just tick the checkbox for "Request email addresses from users".
Note that user e-mail address has to be verified, otherwise Twitter refuses to provide it. (See include_email parameter description in elevated permissions doc page.)
Now you can fetch the user email address from the twitter API and it's a lot easier. Just follow these steps...
Go to Twitter Apps
Click on 'Create New App'
Fill all required credentials and click on 'Create your Twitter application'
Now click on 'Permissions' tab -> check 'Request email addresses from users' field and click on 'Update Settings'. (check given picture)
Now in your PHP code, set all app details and add this code!
$params = array('include_email' => 'true', 'include_entities' => 'false', 'skip_status' => 'true');
$data = $connection->get('account/verify_credentials', $params); // get the data
// getting twitter user profile details
$twt_id = $data->id; //twitter user id
$twt_email = $data->email; //twitter user email
All Done.
Hope it helps you, good luck. ;)
It is now possible to retrieve a user's email address from Twitter (if the user permits it, of course).
You'll need to apply to have your application white-listed to receive xAuth.
Check here for more info:
https://dev.twitter.com/rest/reference/get/account/verify_credentials
Yes, you can get the email address. This is now possible by filling out some permission.
1. Go to this link: https://apps.twitter.com/
2. Then go to the permission tab inside your created application.
3. Select the Additional permission checkbox in your app.
4. After successfully updating the settings you can get the email address from Twitter.
If in some case you cannot get the email address, then please check your OAuth API request URL.
Your request URL should be of this type: https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true
It is not possible to get user's email address from twitter. You can see it here. You can open a form page on your callback page and get user's email address on that page. You can refer here for example usage
Here is how I have done this in ASP.Net using linqtoTwitter library
http://www.bigbrainintelligence.com/Post/get-users-email-address-from-twitter-oauth-ap
// call verify credentials api
var twitterCtx = new TwitterContext(authTwitter);
var verifyResponse =
    await
    (from acct in twitterCtx.Account
     where (acct.Type == AccountType.VerifyCredentials) && (acct.IncludeEmail == true)
     select acct)
    .SingleOrDefaultAsync();
if (verifyResponse != null && verifyResponse.User != null)
{
    User twitterUser = verifyResponse.User;
    //assign email to existing authentication object
    loginInfo.Email = twitterUser.Email;
}

Zend HTTP Client password

I'm trying to connect from PHP (Zend Framework) code to an aspx Web Service. I need to send via post a few parameters to the page (email, password). I have tried to use Zend_Http_Client, and do this:
$client = new Zend_Http_Client('https://thesiteurl.asmx/Login');
$client->setMethod(Zend_Http_Client::POST);
$client->setAuth($username, $password);
$client->setParameterPost(array('email' => 'email', 'password' => 'password'));
$response = $client->request();
$this->view->response = $response;
where $username, $password are the username and password I use to log in to the web service(it has a pop-up window that asks me for username and password).
This code gives me the unauthorized page. So I'm asking where am I using the site username and password wrong? How can I use them?
edit:
The Auth is auth-basic.
Edit2:
I talked to the owner of the web service; he says that everything is UTF-8. Is this a problem? Isn't it the default? If not, how do I do that?
You could check if a referer-header is needed, or it might be that it also needs a cross-site request forgery number. Simply dump the request that is made by your browser when you login and dump the request that your script is generating, compare those and it should work out.
For the browser-request dump you could use livehttpheaders plugin for firefox.
Depends on what that pop up box really is.
You probably need to study the HTTP Authentication. Currently, Zend_Http_Client only supports basic HTTP authentication. This feature is utilized using the setAuth() method, or by specifying a username and a password in the URI. The setAuth() method takes 3 parameters: The user name, the password and an optional authentication type parameter. As mentioned, currently only basic authentication is supported (digest authentication support is planned).
// Using basic authentication
$client->setAuth('shahar', 'myPassword!', Zend_Http_Client::AUTH_BASIC);
// Since basic auth is default, you can just do this:
$client->setAuth('shahar', 'myPassword!');
// You can also specify username and password in the URI
$client->setUri('http://christer:secret@example.com');
Source.
If this is not an HTTP auth and is something else, try to use cURL, wget or lynx to see exactly what is happening on the page and now you can simulate it using Zend_Http_Client.
Sometimes you have to send cookies, execute some JS or follow some redirects. Zend_Http_Client can do all these things.
Have you tried this?
$config = array(
    'adapter' => 'Zend_Http_Client_Adapter_Socket',
    'ssltransport' => 'tls'
);
$client = new Zend_Http_Client('https://thesiteurl.asmx/Login', $config);
$client->setAuth('shahar', 'myPassword!', Zend_Http_Client::AUTH_BASIC);
Also I am confused, is this popup an HTTP basic auth, or something that is self designed?
Since for basic auth you normally wouldn't send any post params...
The real URL of the site would help very much for finding the solution...
If you can access the service using a browser, use firebug to check the request and response. There might be some other parameters involved, e.g. cookie.
The best way to tackle these things is by just using the packet sniffer (tcpdump, ethereal, ...) to see what's happening on the line. Then compare the request/response you observe in a working scenario (e.g. from your browser) to the request/response which is not working.
This will very quickly reveal the precise difference at the HTTP level. Using this information you can either find out what to fix in your handling of Zend_Http_Client, or find out that Zend_Http_Client doesn't support a particular feature or authentication scheme.

Get user details from openid

I'm using lightopenid as the login system for a site and after successful login, I need the user's details like his first name, last name, email and date of birth..
How can I get this information from his openid? Suppose for google, I'm using the authentication url as: https://www.google.com/accounts/o8/id
Then after the validate() method returns 1, I'm redirecting the user to another page in my site. But how can I fetch the details of the user after login ?
FYI, I'm using openid for google, yahoo and aol.
And for facebook, I'm using graph api and for twitter, I'm using twitter oauth. Is there any way of fetching user data with these too? Please suggest.
Just read the manual:
http://code.google.com/p/lightopenid/wiki/GettingMoreInformation
$openid->required = array('namePerson/friendly', 'contact/email');
$openid->optional = array('namePerson/first');
before calling $openid->authUrl()!
Then
$openid->validate();
$userinfo = $openid->getAttributes();
$email = $userinfo['contact/email'];
$firstName = $userinfo['namePerson/first'];
You need to add a parameter to specify that you also want to receive data back from the OpenID request.
I append the following to my OpenID requests to get the email details.
&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.mode=fetch_request&openid.ax.type.email=http://axschema.org/contact/email&openid.ax.required=email
The first part specifies the namespace being used for the extended data.
The second part specifies that we are making a fetch request for the data.
The third part specifies the schema we are using for the email.
And the final part is specifying that we require the email to be returned.
I have tested this with Google and it works fine. I do not have the other accounts, so have not tested it for those.
OAuth and Facebook Graph API will have their own formats, so I am not sure on those ones.
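The four-part fetch request from this answer built programmatically, together with the matching step on the way back: keeping only returned attributes that the provider listed in `openid.signed`. This is an added example, not part of the original answer or of lightopenid; the function names and the sample response are constructed, and the response is assumed to have passed signature verification already.

```php
<?php
// Added example; function names and the sample response are constructed.
const AX_NS = 'http://openid.net/srv/ax/1.0';

// Extra query parameters for an AX fetch request: alias => attribute type URI.
function ax_fetch_params(array $required)
{
    $params = ['openid.ns.ax' => AX_NS, 'openid.ax.mode' => 'fetch_request'];
    foreach ($required as $alias => $typeUri) {
        $params["openid.ax.type.$alias"] = $typeUri;
    }
    $params['openid.ax.required'] = implode(',', array_keys($required));
    return $params;
}

// Extract AX values from a response whose signature was already verified.
// Only fields named in openid.signed are covered by that signature, so any
// attribute outside the list is dropped.
function ax_signed_values(array $response)
{
    $signed = isset($response['openid.signed'])
        ? explode(',', $response['openid.signed']) : [];
    $alias = null;
    foreach ($response as $key => $value) {
        // The provider may choose its own alias for the AX namespace.
        if (strpos((string) $key, 'openid.ns.') === 0 && $value === AX_NS) {
            $alias = substr((string) $key, strlen('openid.ns.'));
        }
    }
    if ($alias === null || !in_array("ns.$alias", $signed, true)) {
        return [];
    }
    $values = [];
    $prefix = "openid.$alias.value.";
    foreach ($response as $key => $value) {
        if (strpos((string) $key, $prefix) !== 0) {
            continue;
        }
        $name = substr((string) $key, strlen($prefix));
        $typeKey = "openid.$alias.type.$name";
        if (isset($response[$typeKey])
            && in_array("$alias.type.$name", $signed, true)
            && in_array("$alias.value.$name", $signed, true)) {
            $values[$response[$typeKey]] = $value; // keyed by type URI
        }
    }
    return $values;
}

echo http_build_query(ax_fetch_params(['email' => 'http://axschema.org/contact/email'])), "\n";

// Constructed response: the e-mail is signed, the first name is not.
print_r(ax_signed_values([
    'openid.ns.ext1'          => AX_NS,
    'openid.ext1.mode'        => 'fetch_response',
    'openid.ext1.type.email'  => 'http://axschema.org/contact/email',
    'openid.ext1.value.email' => 'user@example.com',
    'openid.ext1.type.first'  => 'http://axschema.org/namePerson/first',
    'openid.ext1.value.first' => 'Sample',
    'openid.signed' => 'op_endpoint,claimed_id,ns.ext1,ext1.mode,ext1.type.email,ext1.value.email',
]));
```

In a live PHP request, `$_GET` rewrites the dots in these parameter names to underscores, so the array passed to `ax_signed_values()` has to be built from the raw query string.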
$openid->identity = 'https://www.google.com/accounts/o8/';
// use the following line to obtain the required details. These are the only details that google mail provides.
$openid->required = array('namePerson/friendly', 'contact/email' , 'contact/country/home', 'namePerson/first', 'pref/language', 'namePerson/last');
header('Location: ' . $openid->authUrl());
Seemingly lightopenid provides a method for that:
$openid->validate();
$userinfo = $openid->getAttributes(); // associative array
It returns either SimpleReg or "Attribute Exchange" data. But only if the user agreed to that, I would hope.
