CB ajax login

Yes I know this JS API, already tried on the first dev trying to go the iframe way. Then I decided to use web components because of too many cookies issues even with post messages and the impossibility to log a user without using local storage.

Only one message after the registration should be enough on the iframe to get the token and register the new user in the web component.

As we use cassiopeia, I think that the best would be to open the iframe with a child template without modules.

Concerning redirections, I was thinking at closing the iframe once the message has been received by the component.

I have CBSubs involved with selection of a plan, in this case what is the best trigger to use ? Mostly that would be a free plan for the web component.

The js on the registration page would also have to detect that I am in the iframe, so that involves being able to talk to a supposed iframe from the main website to check if everything is fine, domain is accepted, etc etc

Can I do this with autoactions conditions ? before outputting the post message in the action ?

As we use cassiopeia, I think that the best would be to open the iframe with a child template without modules.

That should work well. Good idea!

Concerning redirections, I was thinking at closing the iframe once the message has been received by the component.

As long as all the redirect URLs use that child template there won't be really any concerns and can show the registration complete messages fine, but entirely up to you.

I have CBSubs involved with selection of a plan, in this case what is the best trigger to use ? Mostly that would be a free plan for the web component.

That gets massively more complicated. You'd need to send the message on the payment complete page. You won't even need the message API though if your setup CORS properly. There isn't really a reason you can't allow the app direct communication with the web domain as you control both. If CORS is correctly setup your app could then just directly bind to and even pull content from the iframe. Setting up CORS can be a bit complicated though.

developer.mozilla.org/en-US/docs/Web/HTTP/CORS
developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

The js on the registration page would also have to detect that I am in the iframe, so that involves being able to talk to a supposed iframe from the main website to check if everything is fine, domain is accepted, etc etc

Just send the message anyway. If in iframe it'll communicate. If not it does nothing. Otherwise check what Joomla template is loaded or check referrer headers, etc..

Can I do this with autoactions conditions ? before outputting the post message in the action ?

Conditions can do whatever you want. There's even a Code condition that lets you execute custom PHP. So yes probably.

There isn't really a reason you can't allow the app direct communication with the web domain as you control both

You are perfectly right ! no CORS issue as the windows communicates well.
Thanks a lot for everything, will go to testing now

Edit : I also used iframes for connection, which is much easier to deal with and allow to use CB Connect

I just need to find a trigger when my user is already connected on the main website. In this case the web component opens the connection iframe but as the user is already logged I don't know what trigger to use to check its login state. Do you have one ?

Hi Kyle

I wrote too quickly on this...
Extensive tests shows that a web component is also submitted to the same restrictions as an iframe. This means that when it's installed on an outside domain, I can open my web component frames but these cannot use their own cookies so I cannot login my users.

I tried any combination of security policy or CORS without success. The only working solution would be the storage access API but it's not used by Chrome

Do you have any other idea on this that I could have missed ?

If not that leaves me to code an inline login and registration process in my web component javascript.

For this I may have an issue with usernames and captcha. Do you have an exemple to use CB Catcha by fetch request within my script ? 
I can load CB in my web component, so could I use it to directly load a log in module or a registration form with CB ?

Your ideas would be welcome


Edit :
If I use a CB Autoaction Register can I use [post_field] to get the data from my form and also output json like 
On this kind of autoaction whatever I try I always get : unable to register, please input your name !

The only way to cross communicate is either setup CORS to allow access by whatever other domains you need to allow access or use the window message API.

If the domains are under your control then you should just be setting CORS up properly so all those domains can communicate with one another. That's quite literally the point of CORS.

If you don't have control over those domains then you shouldn't be trying to embed anything at all and should be developing your own 3-legged oAuth2 implementation for authenticating users to your APIs via authorization tokens.

Those are the standard way of doing this. We cannot help you with either of these. Maybe in CB 3.x we'll provide an oAuth2 implementation out of the box at some point, but we have no such implementation right now.

Ok for this, but I need help with the CB register autoaction that I may use to register users and which is not working whatever I tried
Even with a postman request there is no success.

Then I'll use tokens to authenticate users with other autoactions, that is already working fine but I need to fix the registration process within the web component