Logora
English

OAuth 2.0 Authentication

Single Sign-On Using OAuth 2.0 authentication

Laura
Written by LauraLast update 3 years ago

This OAuth 2.0 authentication enables safe data retrieval. The OAuth 2.0 authentication service creates a user profile on Logora and avoid conflicts with existing users. The login process works as it follows :


Before you start : go to your Administration Panel > Parameters > Authentication to choose the authentication you wish to use 


1. When a user login to your website, get your temporary token by requesting an authorization from our OAuth 2.0 server.


2. Send the user's informations to our serveur with the token, and get the session identifier linked to the connected user. If Logora doesn't know the user, he is logged in on your administration panel. 

 

3. Send the session identifier to Logora's application.


4. When the user disconnects from your system, you request the Logora's disconnection route.


To implement this authentication scheme, you must get your API key and your secret key from the administration panel in "Parameters" > "General"


Keep this informations private : they are meant to help you login users with Logora. 


1. Get your access token 


An OAuth 2.0 access token is generated by using your API key and your secret key, through a POST request towards our authorization route.
Example using Curl :


curl -d grant_type=client_credentials -d client_id=API_KEY -d client_secret=API_SECRET -d scope=authentication LOGORA_AUTH_ENDPOINT
// LOGORA_AUTH_ENDPOINT is given by our teams

// Answer example 
=> {"access_token":"Av9wbEK-0QTOdxhzB4S3-B1ZFKj1Z4y8Xcl17iVcHsg","token_type":"Bearer","expires_in":7200,"created_at":1579688184}


If the request is successful, it gives you back token in the field access_token. This access token works during two hours.
Attributes expires_in and created_at allows you to calculate the token expiration date. 


2. Connect the user on Logora


With the access token, you can send the user informations to Logora. When a user connects through your authentication system, call the Logora connection route. This route sends back the user session identifier. 


The access token Bearer OAuth 2.0 from step 1 must be sent through HTTP header Authorization.


User informations are the following : 


  • uid (mandatory) : user unique identifier in your system, for example his/her ID in your database.
  • first_name (mandatory) : user first name or pseudo.
  • last_name (optional) : user last name.
  • email (mandatory) : user email. 

Here is a connection example using CURL :


curl -H "Authorization: Bearer Av9wbEK-0QTOdxhzB4S3-B1ZFKj1Z4y8Xcl17iVcHsg" -d uid=12 -d first_name=Jean -d last_name=Dupont -d email=jean.dupont@exemple.com -X POST LOGORA_LOGIN_ENDPOINT 
 
=> {"success": "true","session_id": "14c98398-08c7-42ae-b1f7-e435920fccec"}


3. Send the session identifier


To identify a connected user, the Logora application must know his/her session identifier. Send this identifier with the parameter remote_auth in the Javascript configuration variables in the synthesis and the debate space. 


WARNING : check that sent parameters aren't hided by a cache. The session identifier must be up-to-date, regardless the user state, connected or disconnected.


var logora_config = {
    remote_auth: "14c98398-08c7-42ae-b1f7-e435920fccec",
    //... Other parameters
}



4. User disconnection


When a user disconnects from your authentication system, call Logora disconnection route by sending the session identifier, or remove the parameter remote_auth.


Here is a disconnection example with Curl :


curl -H "Authorization: Bearer Av9wbEK-0QTOdxhzB4S3-B1ZFKj1Z4y8Xcl17iVcHsg" -d session_id=14c98398-08c7-42ae-b1f7-e435920fccec -X POST LOGORA_LOGOUT_ENDPOINT
// LOGORA_LOGOUT_ENDPOINT is given by our team 

=> {"success": "true"}


5. Redirecting to the debate space after user connection

When an unregistered user wants to participate on the debate, from the debate space or the synthesis, he/she is redirected to your login page. When inserting the debate space, you can define the connection and inscription URLs with the variables login_url and registration_url.

<div id="logora_app"></div>
<script>
    // Configuration variables
    var logora_config = {
        shortname: "letrain", // Application name found in your administration panel 
        login_url: "Your connection URL", // Insert here your connection url
        registration_url: "Your redirection URL" // Insert here your redirection url
    };


    (function() {
        var d = document, s = d.createElement('script');
        s.src = 'https://api.logora.fr/debat.js';
        (d.head || d.body).appendChild(s);
    })();
</script>


When redirecting, a request parameter logora_redirect is sent, with the redirection URL. Use this parameter to redirect the user after his/her connection or inscription.The parameter name is editable, for example definied à redirect_to. To change the name of the parameter, please contact us.


Here are some other steps which might interest you : 

- Customize Logora
- Launch your first debate



Did this answer your question?