Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Can't sign in with jsConnect and PHP

I've read the documentation page a dozen times and read every article and thread on the topic but I don't understand how Vanilla's SSO is supposed to work and the steps to take. With just blind luck, here's what I have so far -

  1. I've installed the js Connect and here are the url settings entered in the dashboard
    Authentication URL: http://localhost/Website/inc/vanilla-signin.php
    Sign In URL: http://localhost/Website/login.php?src=vanilla

  2. I got a sign in button on the forum that correctly links to the Sign In page and on the page I have

    require_once 'inc/functions.jsconnect.php';
    $clientID = "1939851011";
    $secret = "023330529eb2a947d28ee86d75c838b8";
        if(isset($_GET['src']) and $_GET['src'] == 'vanilla'){
            $vanillaSignedIn = true;
        } else {
    } elseif(isset($_POST['signInSubmit'])) {
        $email = $_POST['email'];
        $password = md5($_POST['password']);
        $loginQuery = mysqli_query($connect,"SELECT * FROM `users` WHERE `email` = '".$email."'");
        if(mysqli_num_rows($loginQuery) > 0){
            $val = mysqli_fetch_assoc($loginQuery);
            if($val['password'] == $password){
                $_SESSION['user'] = $val;
                if(isset($_GET['src']) and $_GET['src'] == 'vanilla'){
                    $vanillaSignedIn = true;
                } else {
            } else {
                $_SESSION['error'] = 'Incorrect Password entered. Please try again.';
        } else {
            $_SESSION['error'] = 'No user associated with this email address.';
    if (isset($vanillaSignedIn) and $vanillaSignedIn == true) {
        $user = array();
        $user['uniqueid'] = $_SESSION['user']['id'];
        $user['name'] = $_SESSION['user']['name'];
        $user['email'] = $_SESSION['user']['email'];
        $user['photourl'] = 'img/users/'.$_SESSION['user']['profile_image'];
        $secure = true;
        WriteJsConnect($user, $_GET, $clientID, $secret, $secure);
    <!-- Html sign in form -->

I'll change my client id and secret later, this is only for testing.

So when WriteJsConnect is executed I get an error {"error":"invalid_request","message":"The client_id parameter is missing."}

If I use $secure = false; instead, I get a string with all the correct information filled in. What am I doing wrong?


  • This is not the right category for this post. It should have been written in v2.3. Can I or Moderators move it please?

  • Anybody?

  • LincLinc Detroit Admin

    It's a mistake to handle sign-in and your SSO endpoint in the same file, in my opinion. They are two very different functions that are creating a very muddled logic chain above.

    The endpoint is pinged by the forum's SSO using client-side Javascript and therefore the user's current session which is the only big logical leap of using jsConnect. Telling us you've read all the docs repeatedly and still haven't any idea what you're doing kinda just makes me throw up my hands. What else can I say? Trying to do a technical debug when you don't understand what you're doing sounds like a painful time to me.

  • Sorry Linc if I disrespected your work but I don't get it how to do SSO. I can't find any instructions. This page lists the overview of integration and this next page goes straight into custom integration if a library is not available. Am I missing something? Where are the steps/instructions for using the libraries. What is the correct procedure? I tell you, I reached this far by blind luck, I am not getting it.

    Sorry again for a stupid question.

  • Okay, I'll ask one questions at a time. What is the difference between Authentication URL and Sign In url? If my user is signed in already, do I send him to authentication url with relevant $_get parameters? Is that where the WriteJsConnect function should be executing?

  • VipulKVipulK New
    edited January 2017

    Please help me with some easy to follow steps. Give me a hint. I need to integrate this to my site

  • LincLinc Detroit Admin

    The Sign In Url is where the jsConnect addon sends a user when they need to sign in.

    The Authentication Url is an endpoint you create using WriteJsConnect(). The user never lands there. It should always output JSON.

  • Is it the sign in url or authentication url that calls WriteJsConnect() if the user is authenticated?

  • LincLinc Detroit Admin


  • If writeJsConnect needs the input of $_GET array, does that mean I need to call my authentication url with get parameters, callback, client id, etc.? I can do that when I'm sending user from login page to authentication page but if vanilla calls authentication url directly, where will the parameters come from?

    In my jsConnect plugin, for authentication url, do I enter the url http://localhost/Website/inc/vanilla-signin.php? or do I add parameters too like http://localhost/Website/inc/vanilla-signin.php?client_id=xxxx&callback=xxxx&timestamp=xxxx&signature=xxxx?

    If so, how do I get the values of timestamp or signature in? If not, what is the right way to do it?

Sign In or Register to comment.