Single Sign-on using the API
The inspiration of this post comes from Tracy Mazelin. I met with Tracy at the DC09 conference, and she presented me with the problem she was trying to solve. She wanted to provide single sign-on functionality on her site. She wanted to have a login screen on her site, and once the user logs in, she wanted to use that information to access web link, without the user logging in again. This is an interesting problem, and I think the solution may benefit others too. So here is the solution.
I am going to assume that you have the latest code of the F1 OAuth PHP library. If not, now is the time to go get it. By the very nature of this problem, I am also going to assume that you are a 2nd party application. If you have not yet read my previous post on 2nd party implementation, I would suggest that you stop here and read that one first, because this post is heavily based on that.
In Step 4, after you set the access token and secret using initAccessToken, follow the steps below:
When the Consumer requests an access token, the Service Provider sends back a link to the logged-in person in the “Content-Location” response header. You can get the response headers using the following line of code:
$responseHeaders = $apiConsumer->getResponseHeader();
Iterate over the response headers to find the current logged in person:
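$personLocation = null;
$start = 'Content-Location:';
foreach ($responseHeaders as $val) {
    // Header names are case-insensitive, so match the prefix without regard to case
    if (stripos($val, $start) === 0) {
        // Strip the header name and any surrounding whitespace or line ending
        $personLocation = trim(substr($val, strlen($start)));
    }
}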
Get the person object.
$rawResponse = $apiConsumer->doRequest($personLocation);
The response contains iCode which you can use to log in to web-link.
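The header lookup above can be wrapped in a helper that also checks where the link points before the OAuth-signed request is sent to it. This is an added example, not code from the F1 OAuth PHP library or from the original post; the function name extractPersonLocation, the HTTPS requirement, the placeholder host api.example.invalid and the sample header lines are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of the F1 OAuth PHP library.

/**
 * Return the Content-Location URL from raw header lines, or null if the
 * header is missing, malformed, or points outside the expected API host.
 */
function extractPersonLocation(array $responseHeaders, string $expectedHost): ?string
{
    $name = 'Content-Location:';
    foreach ($responseHeaders as $line) {
        // Header names are case-insensitive, so compare the prefix without case.
        if (!is_string($line) || stripos($line, $name) !== 0) {
            continue;
        }
        // Drop the header name and the whitespace/CRLF around the value.
        $url = trim(substr($line, strlen($name)));
        $parts = parse_url($url);
        if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
            return null;
        }
        // The follow-up request carries OAuth credentials, so only accept an
        // HTTPS link on the host we expect (assumed policy, adjust as needed).
        if (strtolower($parts['scheme']) !== 'https'
            || strcasecmp($parts['host'], $expectedHost) !== 0) {
            return null;
        }
        return $url;
    }
    return null;
}

// Constructed sample headers; host and path are placeholders.
$sample = [
    "HTTP/1.1 200 OK\r\n",
    "content-location: https://api.example.invalid/v1/People/123\r\n",
];
var_dump(extractPersonLocation($sample, 'api.example.invalid'));

// A link on a different host or over plain HTTP is rejected (null).
$other = ["Content-Location: http://other.example.invalid/x\r\n"];
var_dump(extractPersonLocation($other, 'api.example.invalid'));
```

Pass the result to doRequest only when it is not null, and treat null as a failed login rather than falling back to a default URL.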

How can I roll my own login form to use the API? I don’t really see that in any examples you have here.
Thanks