Single Sign-on using the API

Posted By: Jas Singh

The inspiration for this post comes from Tracy Mazelin. I met with Tracy at the DC09 conference, and she presented me with the problem she was trying to solve. She wanted to provide single sign-on functionality on her site: a login screen on her own site and, once the user logs in, use of that information to access web-link without the user logging in again. This is an interesting problem, and I think the solution may benefit others too. So here is the solution.

I am going to assume that you have the latest code of the F1 OAuth PHP library. If not, now is the time to go get it. By the very nature of this problem, I am also going to assume that you are a 2nd party application. If you have not yet read my previous post on 2nd party implementation, I would suggest that you stop here and read that one first, because this post is heavily based on it.

In Step 4, after you set the access token and secret using initAccessToken, follow the steps below:

When the Consumer requests an access token, the Service Provider sends back a link to the logged-in person via the “Content-Location” header. You can get the response headers using the following line of code:

$responseHeaders = $apiConsumer->getResponseHeader();

Iterate over the response headers to find the currently logged-in person:

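$personLocation = null;
$start = 'Content-Location:';
foreach ($responseHeaders as $val) {
    // Compare the first 17 characters (the length of $start), ignoring case
    if (strncasecmp($val, $start, strlen($start)) === 0) {
        // Drop the header name and surrounding whitespace to leave the URL
        $personLocation = trim(substr($val, strlen($start)));
        break;
    }
}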

Get the person object.

$rawResponse = $apiConsumer->doRequest($personLocation);

The response contains iCode which you can use to log in to web-link.
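The header lookup above can also check where the link points before an OAuth-signed request is sent to it. This is an added example, not code from the original post or the F1 OAuth PHP library; the function name findPersonLocation, the host api.example.com, the sample headers, and the HTTPS-only rule are assumptions, as is the header list being an array of raw "Name: value" lines.

```php
<?php
// Added example; findPersonLocation() is a hypothetical helper,
// not part of the F1 OAuth PHP library.
// Returns the Content-Location URL from raw "Name: value" header lines,
// or null when it is missing, malformed, or not on the expected API host.
function findPersonLocation(array $headerLines, string $expectedHost): ?string
{
    foreach ($headerLines as $line) {
        // Split on the first colon only; the URL itself contains colons.
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2) {
            continue; // status line or malformed header
        }
        // Header field names are case-insensitive.
        if (strcasecmp(trim($parts[0]), 'Content-Location') !== 0) {
            continue;
        }
        $url    = trim($parts[1]);
        $scheme = parse_url($url, PHP_URL_SCHEME);
        $host   = parse_url($url, PHP_URL_HOST);
        // parse_url() gives null or false for a missing or unparsable part.
        if (!is_string($scheme) || !is_string($host)) {
            return null;
        }
        // Assumption: only follow HTTPS links on the host that issued the
        // token, so the signed request never goes to an unexpected server.
        if (strcasecmp($scheme, 'https') !== 0
            || strcasecmp($host, $expectedHost) !== 0) {
            return null;
        }
        return $url;
    }
    return null;
}

// Constructed sample headers; host and path are placeholders.
$sample = [
    'HTTP/1.1 200 OK',
    'Content-Type: application/x-www-form-urlencoded',
    'content-location: https://api.example.com/v1/People/12345',
];
var_dump(findPersonLocation($sample, 'api.example.com'));   // expected host
var_dump(findPersonLocation($sample, 'other.example.net')); // host mismatch
```

Pass the returned URL to doRequest only when it is not null, and treat a null result as a failed login.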

Posted In: API, Tips

Mark Spidle said: on July 21, 2009 at 02:17 PM

How can I roll my own login form to use the API?  I don’t really see that in any examples you have here.

