Logora

Signature Authentication

Authentication scheme with signature.

Written by Laura. Last update 3 years ago.

Signature authentication enables safe data retrieval. The Signature authentication service creates a user profile on Logora and avoids conflicts with existing users. This method uses a message signed with the secret key to send information to Logora. The login process works as follows:


Before you start: go to your Administration Panel > Parameters > Authentication to choose the authentication you wish to use.

1. The user logs in on your website; you create a signed message containing the user information and send it to Logora.

2. When the user navigates to a page where Logora is inserted, the signed message is inserted in the JavaScript configuration variables with the parameter remote_auth.


3. Logora detects the signed message, checks its fields and logs the user in according to its value.


To implement this method, you have to get your secret key from your administration panel in "Parameters" > "General".

This secret key is private. It is meant to sign the message. 

 


WARNING: check that the parameters sent are not hidden by a cache. The session identifier must be up to date regardless of the user's state, connected or disconnected.

How to create your signed message?


Using JSON serialization and HMAC-SHA1, editors can send user information to Logora so that users log in with a single ID and password. The signed message must be created on your servers and sent to Logora through the JavaScript configuration variables. The message is made of the following three items, separated by a space:


1. The message body (base64 encoded)


The message body must include the following attributes (case sensitive):


  • uid : user unique identifier in your system, for example his/her ID in your database.
  • first_name : user first name or last name if last_name is empty. 
  • last_name (optional) : user last name.
  • email : user email.
  • avatar (optional) : link to the user avatar 

2. HMAC-SHA1 signature


Generated by:

HMAC->SHA1(secret_key, message + ' ' + timestamp)


3. Timestamp (NOT base64 encoded)


Unix timestamp of the moment the message is generated.


Standard pseudo-code example:


payload = {
  uid: "123abc",
  first_name: "Jean",
  last_name: "Dupont",
  email: "jeandupont@exemple.com",
}
secret_key = "SECRET_KEY"
timestamp = 1262304000
signature = HMACSHA1(secret_key, payload + ' ' + timestamp)

// Variable message given to Logora
message = base_64(payload) + " " + signature + " " + timestamp

// Example of a signed message
"ewogIHVpZDogIjEyM2FiYyIsCiAgZmlyc3RfbmFtZTogIkplYW4iLAogIGxhc3RfbmFtZTogIkR1cG9udCIsCiAgZW1haWw6ICJqZWFuZHVwb250QGV4ZW1wbGUuY29tIiwKfQ== 2adaad7aae9fa355250e4f4a40aee5df4f41595e 1579282659



4. Code examples to help you generate your message


The code examples at the following link let you generate the SSO message in a few languages: PHP, JavaScript, Ruby and Python.


Code examples SSO
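
The construction described in this section, as an added Python example that is not Logora's own sample code: it builds the three-part message on the server and shows a receiver-side check that rejects a modified body, a wrong key or a stale timestamp. It assumes the HMAC input is the base64-encoded body, a space and the timestamp, that the signature is hex-encoded as in the sample message above, and a 300-second freshness window; verify_remote_auth, max_age and the sample values are illustrative, so confirm the exact signing input against Logora's SSO code examples.

```python
import base64
import hashlib
import hmac
import json
import time

REQUIRED = ("uid", "first_name", "email")  # non-optional attributes from the list above


def _sign(secret_key, body, ts):
    # Assumption: the HMAC-SHA1 input is "<base64 body> <timestamp>", output in hex.
    data = ("%s %s" % (body, ts)).encode("utf-8")
    return hmac.new(secret_key.encode("utf-8"), data, hashlib.sha1).hexdigest()


def build_remote_auth(user, secret_key, timestamp=None):
    """Server side: return 'base64(body) signature timestamp' for remote_auth."""
    missing = [k for k in REQUIRED if not user.get(k)]
    if missing:
        raise ValueError("missing required attributes: " + ", ".join(missing))
    ts = int(time.time()) if timestamp is None else int(timestamp)
    body = base64.b64encode(json.dumps(user).encode("utf-8")).decode("ascii")
    return "%s %s %d" % (body, _sign(secret_key, body, ts), ts)


def verify_remote_auth(message, secret_key, now=None, max_age=300):
    """Receiver side (illustrative): return the user dict, or None if rejected."""
    parts = message.split(" ")
    if len(parts) != 3 or not (parts[2].isascii() and parts[2].isdigit()):
        return None
    body, sig, ts = parts
    expected = _sign(secret_key, body, ts)
    # Constant-time comparison, so timing does not reveal how much of sig matched.
    if not hmac.compare_digest(expected.encode("utf-8"), sig.encode("utf-8")):
        return None
    now = int(time.time()) if now is None else now
    if abs(now - int(ts)) > max_age:  # max_age: assumed freshness window, in seconds
        return None
    return json.loads(base64.b64decode(body))


if __name__ == "__main__":
    # Constructed sample values; the real key comes from the administration panel.
    demo = {"uid": "123abc", "first_name": "Jean", "email": "jeandupont@exemple.com"}
    msg = build_remote_auth(demo, "SECRET_KEY", timestamp=1262304000)
    print(msg)
    print(verify_remote_auth(msg, "SECRET_KEY", now=1262304060))
```

The secret key stays on the server in this flow; only the finished message string is written into the page.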


How to send your signed message?


Once the message is generated, it must be sent through the JavaScript configuration variable remote_auth, in the synthesis and debate space code.


var logora_config = {
        remote_auth: SSO_MESSAGE // signed message generated on your server
};



User disconnection


To detect user disconnection, Logora checks the cookie availability. If the cookie isn't available or is empty, the user is disconnected.


Redirection towards the debate space after user connection 


When an unregistered user wants to participate in the debate, from the debate space or the synthesis, he/she is redirected to your login page. When inserting the debate space, you can define the login and registration URLs with the variables login_url and registration_url:


<div id="logora_app"></div>
<script>
    // Configuration variables
    var logora_config = {
        shortname: "letrain", // Application name found in your administration panel
        login_url: "Your connection URL", // Insert your login URL here
        registration_url: "Your redirection URL" // Insert your registration URL here
    };


    (function() {
        var d = document, s = d.createElement('script');
        s.src = 'https://api.logora.fr/debat.js';
        (d.head || d.body).appendChild(s);
    })();
</script>



When redirecting, a request parameter logora_redirect is sent, containing the redirection URL. Use this parameter to redirect the user after his/her login or registration. The parameter name is editable; for example, it can be set to redirect_to. To change the name of the parameter, please contact us.

