1. Forums
  3. Support and Presales
  5. Developer Members Support
  7. CB ajax login

CB ajax login

11 months 3 weeks ago #333752 by activha
Replied by activha on topic CB ajax login
Yes I know this JS API, already tried on the first dev trying to go the iframe way. Then I decided to use web components because of too many cookies issues even with post messages and the impossibility to log a user without using local storage.

Only one message after the registration should be enough on the iframe to get the token and register the new user in the web component.

As we use cassiopeia, I think that the best would be to open the iframe with a child template without modules.

Concerning redirections, I was thinking at closing the iframe once the message has been received by the component.

I have CBSubs involved with selection of a plan, in this case what is the best trigger to use ? Mostly that would be a free plan for the web component.

The js on the registration page would also have to detect that I am in the iframe, so that involves being able to talk to a supposed iframe from the main website to check if everything is fine, domain is accepted, etc etc

Can I do this with autoactions conditions ? before outputting the post message in the action ?

Please Log in to join the conversation.

11 months 3 weeks ago #333755 by krileon
Replied by krileon on topic CB ajax login

As we use cassiopeia, I think that the best would be to open the iframe with a child template without modules.

That should work well. Good idea!

Concerning redirections, I was thinking at closing the iframe once the message has been received by the component.

As long as all the redirect URLs use that child template there won't be really any concerns and can show the registration complete messages fine, but entirely up to you.

I have CBSubs involved with selection of a plan, in this case what is the best trigger to use ? Mostly that would be a free plan for the web component.

That gets massively more complicated. You'd need to send the message on the payment complete page. You won't even need the message API though if your setup CORS properly. There isn't really a reason you can't allow the app direct communication with the web domain as you control both. If CORS is correctly setup your app could then just directly bind to and even pull content from the iframe. Setting up CORS can be a bit complicated though.

developer.mozilla.org/en-US/docs/Web/HTTP/CORS
developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

The js on the registration page would also have to detect that I am in the iframe, so that involves being able to talk to a supposed iframe from the main website to check if everything is fine, domain is accepted, etc etc

Just send the message anyway. If in iframe it'll communicate. If not it does nothing. Otherwise check what Joomla template is loaded or check referrer headers, etc..

Can I do this with autoactions conditions ? before outputting the post message in the action ?

Conditions can do whatever you want. There's even a Code condition that lets you execute custom PHP. So yes probably.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: activha

Please Log in to join the conversation.

11 months 3 weeks ago - 11 months 3 weeks ago #333763 by activha
Replied by activha on topic CB ajax login

There isn't really a reason you can't allow the app direct communication with the web domain as you control both


You are perfectly right ! no CORS issue as the windows communicates well.
Thanks a lot for everything, will go to testing now :-)

Edit : I also used iframes for connection, which is much easier to deal with and allow to use CB Connect :-)

I just need to find a trigger when my user is already connected on the main website. In this case the web component opens the connection iframe but as the user is already logged I don't know what trigger to use to check its login state. Do you have one ?

Please Log in to join the conversation.

11 months 2 weeks ago - 11 months 2 weeks ago #333796 by activha
Replied by activha on topic CB ajax login
Hi Kyle

I wrote too quickly on this...
Extensive tests shows that a web component is also submitted to the same restrictions as an iframe. This means that when it's installed on an outside domain, I can open my web component frames but these cannot use their own cookies so I cannot login my users.

I tried any combination of security policy or CORS without success. The only working solution would be the storage access API but it's not used by Chrome :-(

Do you have any other idea on this that I could have missed ?

If not that leaves me to code an inline login and registration process in my web component javascript.

For this I may have an issue with usernames and captcha. Do you have an exemple to use CB Catcha by fetch request within my script ? 
I can load CB in my web component, so could I use it to directly load a log in module or a registration form with CB ?

Your ideas would be welcome :-)


Edit :
If I use a CB Autoaction Register can I use [post_field] to get the data from my form and also output json like 
return json_encode( [ 
    'success' => 'true', 
    'isloggedin' => '1', 
    'userid' => (int) '[data1_user_id]',
    'refid' => '[data1_cb_refid]', 
    'token' => '[data1_cb_token_api]' 
] );

On this kind of autoaction whatever I try I always get : unable to register, please input your name !

Please Log in to join the conversation.

11 months 2 weeks ago #333798 by krileon
Replied by krileon on topic CB ajax login
The only way to cross communicate is either setup CORS to allow access by whatever other domains you need to allow access or use the window message API.

If the domains are under your control then you should just be setting CORS up properly so all those domains can communicate with one another. That's quite literally the point of CORS.

If you don't have control over those domains then you shouldn't be trying to embed anything at all and should be developing your own 3-legged oAuth2 implementation for authenticating users to your APIs via authorization tokens.

Those are the standard way of doing this. We cannot help you with either of these. Maybe in CB 3.x we'll provide an oAuth2 implementation out of the box at some point, but we have no such implementation right now.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

11 months 2 weeks ago #333799 by activha
Replied by activha on topic CB ajax login
Ok for this, but I need help with the CB register autoaction that I may use to register users and which is not working whatever I tried
Even with a postman request there is no success.

Then I'll use tokens to authenticate users with other autoactions, that is already working fine but I need to fix the registration process within the web component

Please Log in to join the conversation.

Moderators: beatnantkrileon
  1. Forums
  3. Support and Presales
  5. Developer Members Support
  7. CB ajax login
Time to create page: 0.209 seconds

Search

Login / Logout

User Menu