Forcing a dummy user to be logged in.

edster - 2 months ago

I am integrating with a 3rd party service to be able to access a module on a site. They login on the 3rd party, and submits a hashed key to me that I then use to verify its legit and get in return there name and other data needed for my system to complete there request.

That being said, I don't want to manage all these users (100k +) in my pyro install.

I was thinking of verifying the request from the 3rd party and then sign in a dummy user with the users module.

Is this a good idea? What is the other ways of tackling this that might make more sense? This type of thing is new to me.

Thanks!

Answer

ryanthompson - 2 months ago

A lot of SSO stuff still creates users and auths them that way. I've done this too. You can basically populate the dummy user with 3rd party information then force them in with your own strategy.

Check out the authentication services here: https://pyrocms.com/documentation/users-module/latest#services/authentication

ryanthompson - 2 months ago

A lot of SSO stuff still creates users and auths them that way. I've done this too. You can basically populate the dummy user with 3rd party information then force them in with your own strategy.

Check out the authentication services here: https://pyrocms.com/documentation/users-module/latest#services/authentication

edster - 2 months ago

Thanks Ryan, for clarification

if I were to do like $user->setAttributes() //containing name,email other important shit then $authenticate->login($user);

This would persist across multiple pages (need to do some ordering and cart stuff), but no actual DB user would be created. And basically gets trashed once you log them out?

ryanthompson - 2 months ago

I would keep a DB user per API / 3rd party user.

edster - 2 months ago

If that is how it should be, so be it.

Is there an elegant way to hide them from the control panel? I guess I can just extend the users table builder and exclude them? I guess I'll make a observer to block them from being able to login except through that API point.

ryanthompson - 2 months ago

Could add a static callback to the UserTableBuilder