CB login authentication token
- activha
- ONLINE
-
Platinum Member
- Posts: 2277
- Thanks: 113
- Karma: 13
1 year 3 weeks ago #333320
by activha
CB login authentication token was created by activha
Hello
Is it possible now to use an authentication token to log in and access a url from outside ?
I would like some of my CBSubs subscribers to access a CB Autoaction url from their own website (API behavior) and was wondering whether that was possible now that CB supports MFA authentication ?
Thanks for any hint
Is it possible now to use an authentication token to log in and access a url from outside ?
I would like some of my CBSubs subscribers to access a CB Autoaction url from their own website (API behavior) and was wondering whether that was possible now that CB supports MFA authentication ?
Thanks for any hint
Please Log in to join the conversation.
krileon
Team Member- ONLINE
- Posts: 68509
- Thanks: 9085
- Karma: 1434
1 year 3 weeks ago #333321
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic CB login authentication token
I assume you mean through Joomla's web services API? We don't have any endpoints for that yet. The plan was to add support for that in CB 3.x when we've implemented our new router. MFA wouldn't be of any help in this regard you'd need to give them their backend bearer tokens to authenticate through Joomla.
An alternative is to expose the auto action to the public and add your own token authentication to the conditions of the auto action. You can set User to Custom to extract a user from that token. So for example maybe you've a CB field where you give them generated tokens. When the auto action URL is accessed with that token find the user associated with it in the customer user parsing behavior.
An alternative is to expose the auto action to the public and add your own token authentication to the conditions of the auto action. You can set User to Custom to extract a user from that token. So for example maybe you've a CB field where you give them generated tokens. When the auto action URL is accessed with that token find the user associated with it in the customer user parsing behavior.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- activha
- ONLINE
-
Platinum Member
- Posts: 2277
- Thanks: 113
- Karma: 13
1 year 3 weeks ago #333323
by activha
Replied by activha on topic CB login authentication token
That's a good idea, much simpler that using the joomla authentication plugins.
What do you mean by "find the user associated with it in the customer user parsing behavior." ?
What do you mean by "find the user associated with it in the customer user parsing behavior." ?
Please Log in to join the conversation.
- krileon
- Team Member
- ONLINE
- Posts: 68509
- Thanks: 9085
- Karma: 1434
1 year 3 weeks ago #333325
by krileon
User: Query
User (new Tab next to Global):Substitutions and Format Functions toggled on
That would set the user used by the auto action by matching the &token=TOKEN_HERE in the auto action URL with the field cb_token. I suggest also adding a condition to make sure token isn't empty. Each user in this case would need to be given their own token via the cb_token field that you want to have access.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic CB login authentication token
You can implement your own SQL or PHP based user parsing for CB Auto Actions. Example as follows.What do you mean by "find the user associated with it in the customer user parsing behavior." ?
User: Query
User (new Tab next to Global):
SELECT `id` FROM `#__comprofiler` WHERE `cb_token` = '[cb:parse function="clean" method="string"][get_token][/cb:parse]' LIMIT 1That would set the user used by the auto action by matching the &token=TOKEN_HERE in the auto action URL with the field cb_token. I suggest also adding a condition to make sure token isn't empty. Each user in this case would need to be given their own token via the cb_token field that you want to have access.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- activha
- ONLINE
-
Platinum Member
- Posts: 2277
- Thanks: 113
- Karma: 13
1 year 3 weeks ago #333326
by activha
Replied by activha on topic CB login authentication token
Great like this I could also double check with a domain associated for the user and registered in a cb field 
Then I can protect the fields against a CB Subscription and also limit the url to the CBsubs valid subscription , correct ?
Is there a cb field type that could finally allow an automatic display of code/token for my users ?
Then I can protect the fields against a CB Subscription and also limit the url to the CBsubs valid subscription , correct ?
Is there a cb field type that could finally allow an automatic display of code/token for my users ?
Please Log in to join the conversation.
- krileon
- Team Member
- ONLINE
- Posts: 68509
- Thanks: 9085
- Karma: 1434
1 year 3 weeks ago - 1 year 3 weeks ago #333331
by krileon
Encode
Decode
That would encode the $userId using the $key, which is site specific (using Joomla site secret) and has a special string added (e.g. in this case autoaction_key, but can be whatever you want). When decoding the result of the encoded string with the same key you'll get the user id. Note this is just an example I did not test the above as working code, but probably should work fine.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic CB login authentication token
If you wanted to, yes.Great like this I could also double check with a domain associated for the user and registered in a cb field
Yes.Then I can protect the fields against a CB Subscription and also limit the url to the CBsubs valid subscription , correct ?
Not one that'd be stored in the database. You could generate a code using PHP and a Code field using a reversable encryption method. Then instead of setting User to Query set it to Code and reverse the encrypt. Joomla actually comes with API to do this. Example as follows.Is there a cb field type that could finally allow an automatic display of code/token for my users
Encode
global $_CB_framework;
return ( new \Joomla\CMS\Encrypt\Aes( $_CB_framework->getCfg( 'secret' ) . ':autoaction_key' ) )->encryptString( (string) \CBLib\Application\Application::MyUser()->getUserId() );Decode
global $_CB_framework;
return (int) ( new \Joomla\CMS\Encrypt\Aes( $_CB_framework->getCfg( 'secret' ) . ':autoaction_key' ) )->decryptString( '[get_token]' );That would encode the $userId using the $key, which is site specific (using Joomla site secret) and has a special string added (e.g. in this case autoaction_key, but can be whatever you want). When decoding the result of the encoded string with the same key you'll get the user id. Note this is just an example I did not test the above as working code, but probably should work fine.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 1 year 3 weeks ago by krileon.
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.268 seconds
-
You are here:
- Home
- Forums
- Support and Presales
- Developer Members Support
- CB login authentication token