I need to perform authentication from a (non-Drupal) web application to Drupal in order to subsequently load, using Ajax requests to the REST service, some data that is only available for authenticated users.

As my application runs on another domain/port, the Same Origin Policy applies and I cannot make standard AJAX requests. The most appropriate way forward seems to either use JSONP AJAX requests, or wait until the issue "The OPTIONS request method and preflighting cross domain requests" has been resolved.

For the first approach of using JSONP, I can only make GET requests (by the nature of JSONP, POST seems not possible). – And here comes the problem: the 'user' resource of the Services module only provides a 'login' action using POST. Is there a way to circumvent this? Do actions need to be POST?

I suppose that authentication from external web applications to Drupal is going to be a frequent use case so I am wondering how to best approach this. Many thanks for any pointers.

Kaspar

Comments

hbfkf’s picture

hbfkf commented
Issue summary: View changes

Clarification.

kylebrowning’s picture

kylebrowning commented

So you're going to pass a username and password in a GET request to a url on another domain?

hbfkf’s picture

hbfkf commented

Ah, I see. Would that be a problem with https? Well, yes, to some extent probably yes as this appears in the logs (if they are configured this way).

So better use the OPTIONS pre-flighting then?

marcingy’s picture

marcingy commented
Category: feature » support
marcingy’s picture

marcingy commented
Status: Active » Closed (cannot reproduce)
marcingy’s picture

marcingy commented
Issue summary: View changes

Clarification.