Web Service: auth

Table of Contents

authenticate
isValidToken
getIdentity
destroyToken

WSDL: http://xyz.example.com/__/webservices/auth?wsdl

This web service is used to authenticate users on the client site. For users to authenticate, they must be part of a user directory created in the control panel for the given client.

Additionally, user functions such as logging in, updating details or resetting a password must each have a corresponding form created in the control panel.

Note

For a user to log in, there must be a log in form present in the control panel; however, you cannot use the forms web service to log them in. You must use the auth web service as outlined in this chapter to authenticate users.

When a user successfully logs in, an authentication token is returned which must be remembered by the client site for future requests. The token is included in subsequent requests using a cookie called authToken.

Note

Currently, the only web service that requires the presence of this authentication cookie is the update details form.

The bundled PHP library has built-in support for authentication and sending the authentication cookie in web service requests.

Important

If you're using the bundled PHP client, you must enable sessions prior to using the bundled authentication manager. You can do so using session_start(). If you try to use authentication without starting sessions, an exception will be thrown.

Tokens automatically expire if they are unused for more than an hour. Every time a token is passed using the authToken cookie, or as an argument to the isValidToken() or getIdentity() methods, the time stamp of the token is updated (thereby preventing expiry).

authenticate

  • Argument 1: Module_Webservices_Auth_AuthenticateRequest

    The authentication data including username and password

  • Returns: Module_Webservices_Auth_AuthenticateResponse

This method is used to authenticate a user. For this method to work you must have at least one log in form created in the control panel. The form defines which user directory the authenticating user must belong to. If you have multiple log in forms you can specify which one to use with the formId property of the request.

If authentication was successful, the return data will contain the authentication token and identity data of the authenticated user which the web service client site must then store and handle as required.

If authentication was not successful then the return data will contain one or more error messages.
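The login flow described above, written against PHP's native SoapClient instead of the bundled library (an added example, not the vendor's code). The request property names username and password, and the response property names token, identity and errors, are assumptions; take the real names from the WSDL.

```php
<?php
// Added example: uses PHP's built-in SoapClient, not the bundled PHP library.
// ASSUMPTIONS: request properties `username`/`password` and response
// properties `token`, `identity`, `errors` are hypothetical names; take the
// real ones from the WSDL. `formId` is the property named in this chapter.

const AUTH_WSDL = 'http://xyz.example.com/__/webservices/auth?wsdl';

/**
 * Authenticate against the auth web service and keep the token server-side.
 * Returns the identity data on success, or null on failure.
 */
function wsLogin(SoapClient $auth, string $username, string $password, $formId = null)
{
    $request = ['username' => $username, 'password' => $password];
    if ($formId !== null) {
        $request['formId'] = $formId;   // choose between multiple log in forms
    }

    $response = $auth->authenticate($request);

    if (empty($response->token)) {
        // Failed login: the response carries one or more error messages.
        // Log them server-side; show the user a generic failure message.
        error_log('auth failed: ' . json_encode($response->errors ?? null));
        return null;
    }

    // Privilege change: issue a fresh session ID before storing the token
    // so a pre-login session ID cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION['authToken'] = $response->token;   // kept in the server-side session
    return $response->identity ?? null;
}

/** Attach the stored token to another web service client as the authToken cookie. */
function attachAuthToken(SoapClient $client): bool
{
    if (empty($_SESSION['authToken'])) {
        return false;
    }
    $client->__setCookie('authToken', $_SESSION['authToken']);
    return true;
}

session_start();
$auth = new SoapClient(AUTH_WSDL, ['exceptions' => true]);
$identity = wsLogin($auth, $_POST['username'] ?? '', $_POST['password'] ?? '');
```

Call attachAuthToken() on the client for any web service that requires the cookie before making the request, and clear $_SESSION['authToken'] when the user logs out.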