Skip to Content Skip to Menu

🌟Discover the Joomla AI Plugin that wrote its own story! - CB Editor Assistant 1.1now for Joomla 3, 4 & 5!
✍️ 5-Day Free Trial, then 🎯 save up to 30% with our 🛍️ Intro Offer (First 50 users, ends Dec. 25th)
🌲 Merry Christmas! Great savings on Professional and Developer Memberships! Get 25% off now with code XMAS-2024!

API token - not in params?

  • fdinkler
  • fdinkler
  • OFFLINE
  • Posts: 217
  • Thanks: 27
  • Karma: 0
4 months 2 weeks ago - 4 months 2 weeks ago #338811 by fdinkler
API token - not in params? was created by fdinkler
Hey Kyle -   I'm rewriting an old API using J4/J5 Web Services.
If I require the user to retrieve the Joomla-generated API token, how can I do that within the CB profile?
I'm not seeing a token field, and it's not in params (that I can see.)
Adding another Edit Profile menu item isn't optimum.
I'm curious how Joomla generates the token.

I can drop back to ID/pwd authentication if I must...

Thoughts?
Thanks
Fred
Last edit: 4 months 2 weeks ago by fdinkler. Reason: added Id/pwd comment

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48616
  • Thanks: 8302
  • Karma: 1446
4 months 2 weeks ago #338818 by krileon
Replied by krileon on topic API token - not in params?
The Joomla API Token has context restrictions in place so it can't display in CB profile edit and believe it also only works in backend. I don't think Joomla intends on the tokens to be used this way though so I'm not sure what the best way would be to expose them to frontend. Will add a feature ticket to see if I can get the token field to output to CBs profile edit, but unsure if I'll be able to get around the context restrictions.

forge.joomlapolis.com/issues/9471


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • fdinkler
  • fdinkler
  • OFFLINE
  • Posts: 217
  • Thanks: 27
  • Karma: 0
4 months 2 weeks ago #338824 by fdinkler
Replied by fdinkler on topic API token - not in params?
Thanks Kyle - 
I did research the Token plugin - the form xml that's injected into the User profile has a field named "token" with an element named "algo" that's set to 'sha256'
The file <site>/plugins/user/token/src/Extension/Token.php  contains the token generation code 

From what I see, the token is displayed as follows:
         $rawToken  = base64_decode($tokenSeed); 
        $tokenHash = hash_hmac($algorithm, $rawToken, $siteSecret);
        $message   = base64_encode("$algorithm:$userId:$tokenHash");

$tokenSeed is stored in the $__users_profile table
$algorithm is set from the algo field element, e.g. "sha256"

It would be an interesting exercize to write a webservice plugin that recreates the token.
In the meantime, I'll generate my own app-specific token and use the ID/password web authentication method
Thanks,
Fred

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48616
  • Thanks: 8302
  • Karma: 1446
4 months 2 weeks ago #338826 by krileon
Replied by krileon on topic API token - not in params?
As I understand it Joomla intends for those tokens to be used as env variables in for example an external integration or an app. I think Joomla would need OAuth to properly handle user based tokens. I'm not sure what their intent is though to be honest. At any rate will look into trying to get the token field to at least output to backend CB profile edit. I don't see it in Joomla frontend profile edit so I'm guessing they're only meant for backend.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • fdinkler
  • fdinkler
  • OFFLINE
  • Posts: 217
  • Thanks: 27
  • Karma: 0
4 months 2 weeks ago #338828 by fdinkler
Replied by fdinkler on topic API token - not in params?
The current token retrieval process requires a user to edit their front-end User profile (which has no token yet), then save the profile which will generate a token the user can copy and paste.
This is only if the user is in an ACL authorized to access the "API Authentication - Web Services Joomla Token" plugin.
 

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48616
  • Thanks: 8302
  • Karma: 1446
4 months 2 weeks ago #338829 by krileon
Replied by krileon on topic API token - not in params?
I see, thank you. Will see if I can get those parameters to show up. Am unsure of when I will have this implement as currently have some other tasks to attend to.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum