Using the J! API to authenticate external app against J! d/b
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Nov 06, 2006 7:46 pm
- Location: Gloucestershire, UK
Using the J! API to authenticate external app against J! d/b
I have an existing external d/b application (entirely independent of J!) which lets users log into it using their J! login and password.
Currently, it just works by hashing the user entered password, directly reading the J! user database table to retrieve the password for the given username and comparing the two. Not elegant but it works.
It would obviously be better if it could use the J! API but I can't find anything in there that helps.
For example, GET users/{user_id} does not return the password.
Am I missing something, or is this not currently possible with the J4 API??
Thanks
Currently, it just works by hashing the user entered password, directly reading the J! user database table to retrieve the password for the given username and comparing the two. Not elegant but it works.
It would obviously be better if it could use the J! API but I can't find anything in there that helps.
For example, GET users/{user_id} does not return the password.
Am I missing something, or is this not currently possible with the J4 API??
Thanks
- carlitorweb
- Joomla! Intern
- Posts: 68
- Joined: Tue May 08, 2018 9:03 pm
Re: Using the J! API to authenticate external app against J! d/b
No, the webservice for Users only return this for a user:
Make sense also do not return the passwords like that.
Thinking fast, a workaround I can think now is: Use the api-authentication method of Joomla.
Code: Select all
protected $fieldsToRenderItem = [
'id',
'groups',
'name',
'username',
'email',
'registerDate',
'lastvisitDate',
'lastResetTime',
'resetCount',
'sendEmail',
'block',
];
Thinking fast, a workaround I can think now is: Use the api-authentication method of Joomla.
The future will be automated, decentralized, and digital.
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Nov 06, 2006 7:46 pm
- Location: Gloucestershire, UK
Re: Using the J! API to authenticate external app against J! d/b
I thought the api authentication stuff only supported superuser accounts?
Or am I misunderstanding what you mean? (Entirely possible!)
Or am I misunderstanding what you mean? (Entirely possible!)
- Per Yngve Berg
- Joomla! Master
- Posts: 31063
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: Using the J! API to authenticate external app against J! d/b
The Password is hashed with a one way method and cannot be retrieved.
https://api.joomla.org/cms-4/classes/Jo ... fyPassword
https://api.joomla.org/cms-4/classes/Jo ... fyPassword
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Nov 06, 2006 7:46 pm
- Location: Gloucestershire, UK
Re: Using the J! API to authenticate external app against J! d/b
Not a problem currently - the other app stores the hashed password and compares it with the J! hashed password.Per Yngve Berg wrote: ↑Sat Apr 27, 2024 5:46 pmThe Password is hashed with a one way method and cannot be retrieved.
I was just looking for an api way to return the hashed password.
- Per Yngve Berg
- Joomla! Master
- Posts: 31063
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: Using the J! API to authenticate external app against J! d/b
The function verify the password, it does not return the hashed password.
- carlitorweb
- Joomla! Intern
- Posts: 68
- Joined: Tue May 08, 2018 9:03 pm
Re: Using the J! API to authenticate external app against J! d/b
Yes that is correct. But is right, you cant use it like that
The future will be automated, decentralized, and digital.
- carlitorweb
- Joomla! Intern
- Posts: 68
- Joined: Tue May 08, 2018 9:03 pm
Re: Using the J! API to authenticate external app against J! d/b
What about create your own webservice? In this way you can get exactly what you want.
This can help for that: https://manual.joomla.org/docs/web-serv ... se-format/
This can help for that: https://manual.joomla.org/docs/web-serv ... se-format/
The future will be automated, decentralized, and digital.
- Per Yngve Berg
- Joomla! Master
- Posts: 31063
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Nov 06, 2006 7:46 pm
- Location: Gloucestershire, UK
Re: Using the J! API to authenticate external app against J! d/b
ThanksPer Yngve Berg wrote: ↑Sun Apr 28, 2024 9:52 amhttps://api.joomla.org/cms-4/classes/Jo ... ation.html