LOGIN API FOR EXTERNAL USAGE

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The current feature release of phpBB 3 is 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
Neighoff
Registered User
Posts: 2
Joined: Mon Feb 25, 2019 5:35 pm

LOGIN API FOR EXTERNAL USAGE

Post by Neighoff »

I am not sure if this is in the correct place to ask this question, but it seemed to be the best place I can find.

I build apps that bounce login info against the registered users within phpBB which worked as of 3.0.14. But with the change to the password hashing which is probably for the best, I ask for an API that I could pass username and password to from my apps and in return receive back a pass or fail condition and or error for fail along with hashed password on pass condition. I store the hashed password to the app to bounce against phpBB data as a user logs into the app. it might sound redundant but I like to use double check routines.

So I ask if there is anyway an API could be made and even included with the phpBB files for such a use?

Thank you for your time.

Neighoff

p.s. Thanks for custom profile fields they are AWESOME, I no longer have to build new code to merge into phpBB. I just pull the data I need to read and use. So thank you for that feature.
Last edited by Neighoff on Tue Feb 26, 2019 8:35 am, edited 1 time in total.

Neighoff
Registered User
Posts: 2
Joined: Mon Feb 25, 2019 5:35 pm

Re: LOGIN API FOR EXTERNAL USAGE

Post by Neighoff »

I would like to add that in 3.0.xx series I extracted the password hashing code since there wasnt an API back then. If an API was present to verify user data within phpBB, I would had no need to extract the code for use. Now with the new protocols in place for the password hashing, it became apparent that an API like bridge to authenticate user would be the next step vice reinventing the wheel which works perfectly fine in my book. Or breaking phpBB code to use in external apps authentication process.

User avatar
mrgoldy
Former Team Member
Posts: 64
Joined: Fri Dec 18, 2015 9:41 pm
Location: The Netherlands
Contact:

Re: LOGIN API FOR EXTERNAL USAGE

Post by mrgoldy »

A REST API is already listed as a GSoC Idea.
However, I do believe it is also considered outside the scope of the GSoC project (correct me if I am wrong), so not sure when we will be seeing it.

Alternatively, perhaps it's possible that you create your own extension that handles the part you're requesting:
Neighoff wrote:that I could pass username and password to from my apps and in return receive back a pass or fail condition and or error for fail along with hashed password on pass condition.
Not sure if that's possible, but in your extension create a route which you can access from your apps, handle the authentication and send back the desired requests? This will need the extension installed on the board's that will use your apps, but you can list that as a requirement I suppose.

Not ideal but a "in-the-meantime"-solution.
phpBB Studio Proud member of the Studio!

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1904
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: LOGIN API FOR EXTERNAL USAGE

Post by DavidIQ »

I had started an API extension a while back and, while it's super raw and has very little or useful functionality, it should give you an idea of where you might start and incorporates some of what posey mentions:
https://github.com/DavidIQ/forumapi

I would be very weary of using an API for auth purposes though and would make sure it's got some way to validate the requests for authorization. Having just a key that needs to be validated can leave you open to data leaks or worse.
Image

Post Reply