external / 3rd party login system

[Jamie Whittingham]

@twisted1919

A client of mine would like to use their external platform for login into a MW installation.

I thought about doing a silent $_POST but that does not seem to work posting correct user / pass and token to the index.php/guest/index endpoint. I get error 400

What would be the best way to get something like this setup?

What the client wants it the following ...

If a customer goes to the customer login endpoint ton their own (typing in the address manually) hen it should redirect them to an external address.

If the customer goes to my clients platform and clicks a button that will be configured with user / pass details for MW then the customer should auto be logged into their MW account.

Any suggestions please?

thanks

 

[twisted1919]

The frontend of the app is not csrf protected, so you could add a controller there, send the post data there and login the user.
You have examples in the GuestController for how to log the user in

 

[Jamie Whittingham]

So Im looking in there but Im not fully understand how to do this ...... Im looking in the GuestController .... the part I notice that will help is the following

$identity = new CustomerIdentity($customer->email, $customer->password);
        $identity->setId($customer->customer_id)->setAutoLoginToken($customer);
        Yii::app()->customer->login($identity, 3600 * 24 * 30);
        $this->redirect(array('dashboard/index'));

but Im not sure where in that file is queries the DB for a login match or is that done in another place / file?

thanks

 

[twisted1919]

@Jamie Whittingham - it's actually way simpler than this:

if (!class_exists('CustomerIdentity', false)) {
    Yii::import('customer.components.web.auth.*');
}
$identity = new CustomerIdentity('the email', 'the password');
if (!$identity->authenticate()) {
    return 'some error';
}

if (!Yii::app()->customer->login($identity)) {
    return 'some error';
}

// customer logged in, redirect.