jsConnect again...
computergenius
New
I have asked before, without getting a definitive reply, so I need to ask again.
On page http://docs.vanillaforums.com/features/sso/ there is the line
jsConnect pings your endpoint whenever it wants to know if a user is logged in on your site. It does this using the user's current session, so you can use your normal "is logged in" detection to determine this - nothing fancy here.
I assume that jsConnect is putting "something" in a variable, and firing that at my endpoint. But what is it sending me, and assuming that it is a variable, what is the variable called? When it says, "user's current session", what is it referring to? Surely not $_SESSION? Possibly a cookie?
I have tried debugging the call as it comes into to my non-standard CMS, but can't see any pattern.
Comments
jsConnect sends the client ID you've set up for the plugin in the dashboard, a timestamp and a signature.
It signs the request using the secret. It does so by concatenating timestamp + secret and then hashing that value.
Your application has to check the signature to validate that a request is actually from your forum so you can send back the full user information.
For debugging, put your connection in test mode (don't do this on a live system).
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
VanillaSkins.com - Plugins, Themes and Graphics for Vanillaforums OS
But how do I know which user jsConnect is asking about?
The user that is currently logged in. This all happens in the users browser.
There are client libraries with examples for various languages, e.g. PHP:
https://github.com/vanilla/jsConnectPHP/blob/master/index.php
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
VanillaSkins.com - Plugins, Themes and Graphics for Vanillaforums OS
AAAHHH..!
I was expecting a variable containing user info - and wondered how that would work, since the user hadn't told Vanilla who they were... OK, thanks, I should be able to move forward from here.
I had found the example, and understood, apart from where it said
2. Grab the current user from your session management system or database here.
where I assumed that it mean "current user that jsConnect is asking about", and didn't appreicate that it meant, "current user on your own system"