Show Changes Show Changes
Edit Edit
Print Print
Recent Changes Recent Changes
Subscriptions Subscriptions
Lost and Found Lost and Found
Find References Find References
Rename Rename
Search

History

25.02.2010 17:16:46
mark.schmalohr
25.02.2010 17:09:44
mark.schmalohr
25.02.2010 16:51:40
mark.schmalohr
25.02.2010 16:51:28
mark.schmalohr
25.02.2010 16:51:15
mark.schmalohr
List all versions List all versions
Callback Authentication
.

Introduction

The GroupChat Jabber server allows a configuration to authorize unknown user logins against an external URL. A successful authorization against this URL will create/update user accounts on the fly in the GroupChat database. This callback authorization URL can be configured in the GroupChat administration section. This URL is then requested by username and password from GroupChat Server process and expects a return of either auth=0 or auth=1. The DotNetNuke cms module contains a ready to use callback auth script and is used by default after module installation. Customs portals and websites can simply provide such an auth script against any kind of user database, GroupChat will be all the time in sync with this userbase then.

Communication flow

From the enduser point of view, a website is loaded with GroupChat scripts contained. For example a website contains this GroupChat code snippet:

<a href="javascript:gcShowHideChat()">Chat Show/Hide</a>

<script language="JavaScript">
        var gc = new Object();
        gc.user = 'myusername';
        gc.pass = 'mypassword';
        gc.uid = 'demo';
</script>
<script src="http://www.think5.de/saas/config/demo.js" type="text/javascript"></script>

The user´s browser will execute these scripts, the chat loads and tries to connect to the GroupChat Server with username myusername and password mypassword. When the user is not present in the chat database, the login will normally fail. With a configured callback auth (or also named external auth) URL, the GroupChat Server will take this login attempt and validate these credentials against the callback auth URL on the fly during login. A return of auth=1 will force the GroupChat Server to create this username / password combination in the GroupChat database; the client performing the login will immediately be authorized successful. Further logins will be performed against the GroupChat database directly until the auth fails, then the callback URL is called again. A return of auth=0 will reject the client.

Implementation

The website handling the callback auth can be written in any type of programming language, e.g. PHP, Asp.Net, Java, Ruby and so on. This page must listen on the parameters user and pass, GroupChat Server will call the URL by HTTP POST. The internal processing can be any kind of validation, from maintaining a static username/password file list to any kind of database query. The result to this URL request must then either be auth=0 or auth=1.

Sample (here using HTTP GET for demonstration only, POST must be used): http://www.think5.de/cms/DesktopModules/dnnGroupChat/callbackAuth.aspx?user=peter&pass=635434

Contribute Add/Edit this topic to extend this documentation with your experiences, questions and best practices.

Home - GroupChatServer Wiki

Installation and usage help for GroupChat Server

Eine Wiki Kurzanleitung findet sich unter QuickReference. Zum üben und ausprobieren bitte die PlayPage benutzen.

Recent Topics