Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

In this Discussion

Ready to contribute?

Amazing! Sign our contributors' agreement and then join us on GitHub.

Update for critical security issue in PHPMailer included in release Vanilla 2.3.1

jsConnect doesn't send the timestamp

I've integrated SSO with jsconnect and it's working fine in test mode so to speak, but I can't get it to go secure. The problem is when Vanilla pings my endpoint, it doesn't sends timestamp and signature so the response that I get back is only a photo and name. In my jsConnect setting, I have not checked the option "This connection is in test-mode." What do I have to do make vanilla send those optional parameters as well?

Any clues?

Comments

  • VipulKVipulK New
    edited April 30

    UPDATE: So if I click on the Test URL in the admin panel, I get timestamp and signature but when Vanilla is auto checking for login status, it is not sending those parameters.

    Please help out guys...

  • LincLinc Vanilla's Bard (and Lead Developer) Detroit Vanilla Staff
    edited May 12

    It's supposed to ping the endpoint without the secure parameters from the site, because all it's doing is attempting to populate the "Sign In With X" option with their username and avatar.

    Set jsConnect as the default connection method in its options. For redirect after login on your site AND in any links to the forum from your site, use /sso in the forum path (you can set a final destination with the Target param if you want them to land somewhere other than the home page).

    You can also accomplish this without using the default connection by sending the user thru /entry/jsconnect and passing the ClientID parameter. The /sso endpoint is just a magic redirect to this for the default connection.

    There is no "magically log me in just from visiting the forum" option. That would hammer your site with authentication requests from every page view.

  • Thanks Linc for your response.

    The /sso part, I get that, I use it to redirect user after login to sign them in the forum but I don't use it on all my forum links because that would not allow the user to browse the forum without logging in. jsConnect is set as the default option as well.

    The problem is if the user is logged in on my site and visits the forum, He gets a "Sign in with X" option along with regular "Sign in, Register" buttons. So he has to click the "Sign in with X" to complete the sign in. I get your rationale of too many hits on my website and that makes sense but for UX, this seems like a redundant step for the user. Also the buttons get confusing.

    It would also work for me if the "Sign in, Register" buttons would disappear after "Sign in With X" buttons show up. That would be less confusing for the user as he only has one option now. Is that possible to do?

  • LincLinc Vanilla's Bard (and Lead Developer) Detroit Vanilla Staff
    edited May 17

    because that would not allow the user to browse the forum without logging in.

    If the user isn't logged in, the /sso endpoint silently redirects to the home page as far as I know.

    You could also modify the links based on the user's signed-in state on your side.

    The Sign In & Register buttons will both redirect solely to your site (and omit a separate "Sign in with X" button) if you set the connection to be your default registration and set your registration method to Connect.

    I do not think hiding a valid sign-in option would be better UX, but you could do that manually with Javascript I suppose if you wanted it.

Sign In or Register to comment.