Using the J! API to authenticate external app against J! d/b

sclg · Post by **sclg** » Sat Apr 27, 2024 1:16 pm

I have an existing external d/b application (entirely independent of J!) which lets users log into it using their J! login and password.
Currently, it just works by hashing the user entered password, directly reading the J! user database table to retrieve the password for the given username and comparing the two. Not elegant but it works.

It would obviously be better if it could use the J! API but I can't find anything in there that helps.
For example, GET users/{user_id} does not return the password.

Am I missing something, or is this not currently possible with the J4 API??
Thanks

carlitorweb · Post by **carlitorweb** » Sat Apr 27, 2024 5:08 pm

No, the webservice for Users only return this for a user:

Code: Select all

protected $fieldsToRenderItem = [
        'id',
        'groups',
        'name',
        'username',
        'email',
        'registerDate',
        'lastvisitDate',
        'lastResetTime',
        'resetCount',
        'sendEmail',
        'block',
    ];

Make sense also do not return the passwords like that.

Thinking fast, a workaround I can think now is: Use the api-authentication method of Joomla.

sclg · Post by **sclg** » Sat Apr 27, 2024 5:20 pm

I thought the api authentication stuff only supported superuser accounts?
Or am I misunderstanding what you mean? (Entirely possible!)

Post by **Per Yngve Berg** » Sat Apr 27, 2024 5:46 pm

The Password is hashed with a one way method and cannot be retrieved.

https://api.joomla.org/cms-4/classes/Jo ... fyPassword

sclg · Post by **sclg** » Sat Apr 27, 2024 6:35 pm

Per Yngve Berg wrote: ↑
Sat Apr 27, 2024 5:46 pm
The Password is hashed with a one way method and cannot be retrieved.

Not a problem currently - the other app stores the hashed password and compares it with the J! hashed password.
I was just looking for an api way to return the hashed password.

Post by **Per Yngve Berg** » Sat Apr 27, 2024 7:02 pm

The function verify the password, it does not return the hashed password.

carlitorweb · Post by **carlitorweb** » Sat Apr 27, 2024 8:38 pm

sclg wrote: ↑
Sat Apr 27, 2024 5:20 pm
I thought the api authentication stuff only supported superuser accounts?
Or am I misunderstanding what you mean? (Entirely possible!)

Yes that is correct. But is right, you cant use it like that

carlitorweb · Post by **carlitorweb** » Sat Apr 27, 2024 8:41 pm

What about create your own webservice? In this way you can get exactly what you want.

This can help for that: https://manual.joomla.org/docs/web-serv ... se-format/

Post by **Per Yngve Berg** » Sun Apr 28, 2024 9:52 am

https://api.joomla.org/cms-4/classes/Jo ... ation.html

sclg · Post by **sclg** » Sun Apr 28, 2024 11:40 am

Per Yngve Berg wrote: ↑
Sun Apr 28, 2024 9:52 am
https://api.joomla.org/cms-4/classes/Jo ... ation.html

Thanks

The Joomla! Forum™

Using the J! API to authenticate external app against J! d/b

Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b

Re: Using the J! API to authenticate external app against J! d/b