Authenticate with token

Hi.

I'm trying to develop an app that a third party service will send a request to. I'm able to do this, but I have some problems with the authentication process.

Right now when the request is sent the only response that the third party service gets is "User is not currently logged in." This must be because the third party service hasn't authenticated itself yet. Manually going to the same route while logged in to Nextcloud through a URL shows me the response.

Now I've tried to send a token (which I get from the nc_token cookie) to the third party service, and it uses it as part of its request both in its body (form) and as an authentication header bearer token. This used to work when I was working on this app on NC16, but now on a new server with NC18 it doesn't work, giving the same error message.

How should I authenticate such a request to Nextcloud? Are there any other apps that do this?

I guess you need the @PublicPage annotation for the controller method.

2 Likes

I think your idea lets me access the method, but there is a problem. I don't want just anyone to access the page, and even if I did, it uses member functions such as getUID, which means making it a public page only returns an error: "Message: Call to a member function getUID() on null".

Any idea how to get around this, or another way to solve this?

When you want to do your own authentication, my understanding is that you need to use a @PublicPage and do authentication yourself. The session manager lets you set a user, for example. So you could verify a token provided as part of the request and set the corresponding user to the session.

2 Likes
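An added example, not posted by anyone in this thread, of the approach described in the reply above: a @PublicPage controller method that checks a shared secret and then sets the user on the session so that getUID() no longer fails on null. The app namespace, the `X-Webhook-Token` header name and the `webhook_secret` / `webhook_uid` app config keys are assumptions made for illustration.

```php
<?php
namespace OCA\MyApp\Controller; // hypothetical app namespace

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IConfig;
use OCP\IRequest;
use OCP\IUserManager;
use OCP\IUserSession;

class WebhookController extends Controller {
    private $config;
    private $userManager;
    private $userSession;

    public function __construct($appName, IRequest $request, IConfig $config,
                                IUserManager $userManager, IUserSession $userSession) {
        parent::__construct($appName, $request);
        $this->config = $config;
        $this->userManager = $userManager;
        $this->userSession = $userSession;
    }

    /**
     * @PublicPage
     * @NoCSRFRequired
     */
    public function receive() {
        // Assumption: a long random secret and the uid to act as are stored as app config values.
        $expected = $this->config->getAppValue($this->appName, 'webhook_secret', '');
        $uid = $this->config->getAppValue($this->appName, 'webhook_uid', '');

        // Take the token from a request header (hypothetical name), not from the URL,
        // so it does not end up in access logs or browser history.
        $given = (string)$this->request->getHeader('X-Webhook-Token');

        // Fail closed when no secret is configured; hash_equals() compares in constant time.
        if ($expected === '' || !hash_equals($expected, $given)) {
            return new JSONResponse(['message' => 'Invalid token'], Http::STATUS_UNAUTHORIZED);
        }

        $user = $this->userManager->get($uid);
        if ($user === null) {
            return new JSONResponse(['message' => 'Unknown user'], Http::STATUS_UNAUTHORIZED);
        }

        // With the user set, getUser()->getUID() works in the rest of the controller.
        $this->userSession->setUser($user);
        return new JSONResponse(['uid' => $this->userSession->getUser()->getUID()]);
    }
}
```

The secret here is independent of any user's password or browser session cookie, so it can be rotated or revoked without touching the account it maps to.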

Makes sense. I can see that you can set a user with the user session manager, but that requires the IUser interface as a parameter and maybe even a login attempt afterward, which I would imagine is hard to do without a password unless a token works for passwords. Could you elaborate on how you could do this?

Hi!
Did you get any further in your project? I would like to understand the login procedure myself, since I want to develop a custom login service myself (Custom Login Controller).
In my case the $userSession->login("username", "password") returns true, but nothing happens afterwards. Do you know how to actually log in (get session cookies etc.)?

Hi.

For me it works in a @PublicPage controller with the $this->userSession->login('username', 'password');

It allowed me to do what I needed to do, but I didn't actually want to log in the user, I just wanted to authenticate the controller. I don't think it by itself is enough to be logged in. In another project we had, where we actually wanted to log in a user, we had to do something like this:

$this->userSession->getSession()->regenerateId();
$this->userSession->createSessionToken($request, $user->getUID(), $user->getUID());
$this->userSession->login('username', 'password');
$this->userSession->createSessionToken($request, $user->getUID(), $user->getUID());

I don't have the exact code and don't know exactly how it worked, but hopefully this can be of help.

1 Like