Skip to Content Skip to Menu

🌟Discover the Joomla AI Plugin that wrote its own story! - CB Editor Assistant 1.1now for Joomla 3, 4 & 5!
✍️ 5-Day Free Trial, then 🎯 save up to 30% with our 🛍️ Intro Offer (First 50 users, ends Dec. 31)
🌲 Merry Christmas! Great savings on Professional and Developer Memberships! Get 25% off now with code XMAS-2024!

CB login authentication token

  • activha
  • activha
  • OFFLINE
  • Posts: 2336
  • Thanks: 117
  • Karma: 13
1 year 9 months ago #333320 by activha
CB login authentication token was created by activha
Hello
Is it possible now to use an authentication token to log in and access a url from outside ?
I would like some of my CBSubs subscribers to access a CB Autoaction url from their own website (API behavior) and was wondering whether that was possible now that CB supports MFA authentication ?

Thanks for any hint
 

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48630
  • Thanks: 8307
  • Karma: 1446
1 year 9 months ago #333321 by krileon
Replied by krileon on topic CB login authentication token
I assume you mean through Joomla's web services API? We don't have any endpoints for that yet. The plan was to add support for that in CB 3.x when we've implemented our new router. MFA wouldn't be of any help in this regard you'd need to give them their backend bearer tokens to authenticate through Joomla.

An alternative is to expose the auto action to the public and add your own token authentication to the conditions of the auto action. You can set User to Custom to extract a user from that token. So for example maybe you've a CB field where you give them generated tokens. When the auto action URL is accessed with that token find the user associated with it in the customer user parsing behavior.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • activha
  • activha
  • OFFLINE
  • Posts: 2336
  • Thanks: 117
  • Karma: 13
1 year 9 months ago #333323 by activha
Replied by activha on topic CB login authentication token
That's a good idea, much simpler that using the joomla authentication plugins.
What do you mean by "find the user associated with it in the customer user parsing behavior." ?

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48630
  • Thanks: 8307
  • Karma: 1446
1 year 9 months ago #333325 by krileon
Replied by krileon on topic CB login authentication token

What do you mean by "find the user associated with it in the customer user parsing behavior." ?

You can implement your own SQL or PHP based user parsing for CB Auto Actions. Example as follows.

User: Query
User (new Tab next to Global):
Code:
SELECT `id` FROM `#__comprofiler` WHERE `cb_token` = '[cb:parse function="clean" method="string"][get_token][/cb:parse]' LIMIT 1
Substitutions and Format Functions toggled on

That would set the user used by the auto action by matching the &token=TOKEN_HERE in the auto action URL with the field cb_token. I suggest also adding a condition to make sure token isn't empty. Each user in this case would need to be given their own token via the cb_token field that you want to have access.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • activha
  • activha
  • OFFLINE
  • Posts: 2336
  • Thanks: 117
  • Karma: 13
1 year 9 months ago #333326 by activha
Replied by activha on topic CB login authentication token
Great like this I could also double check with a domain associated for the user and registered in a cb field :-)

Then I can protect the fields against a CB Subscription and also limit the url to the CBsubs valid subscription , correct ?

Is there a cb field type that could finally allow an automatic display of code/token for my users ?

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48630
  • Thanks: 8307
  • Karma: 1446
1 year 9 months ago - 1 year 9 months ago #333331 by krileon
Replied by krileon on topic CB login authentication token

Great like this I could also double check with a domain associated for the user and registered in a cb field 

If you wanted to, yes.

Then I can protect the fields against a CB Subscription and also limit the url to the CBsubs valid subscription , correct ?

Yes.

Is there a cb field type that could finally allow an automatic display of code/token for my users 

Not one that'd be stored in the database. You could generate a code using PHP and a Code field using a reversable encryption method. Then instead of setting User to Query set it to Code and reverse the encrypt. Joomla actually comes with API to do this. Example as follows.

Encode
Code:
global $_CB_framework; return ( new \Joomla\CMS\Encrypt\Aes( $_CB_framework->getCfg( 'secret' ) . ':autoaction_key' ) )->encryptString( (string) \CBLib\Application\Application::MyUser()->getUserId() );

Decode
Code:
global $_CB_framework; return (int) ( new \Joomla\CMS\Encrypt\Aes( $_CB_framework->getCfg( 'secret' ) . ':autoaction_key' ) )->decryptString( '[get_token]' );


That would encode the $userId using the $key, which is site specific (using Joomla site secret) and has a special string added (e.g. in this case autoaction_key, but can be whatever you want). When decoding the result of the encoded string with the same key you'll get the user id. Note this is just an example I did not test the above as working code, but probably should work fine.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 1 year 9 months ago by krileon.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum