Hi,

I'm struggling to get to grips with how to use the oauth connector for my use case. I've tried loads of different things and looked online and am stuck, can anybody help?

Backstory
I'm the developer for a school and we have a school VLE(intranet site). Pupils and staff login to the VLE every day and can access load of things. This VLE is an OAuth provider. I've written(part written) a Drupal module(on a different server) that does a lot of work that the VLE isn't capable of and basically does some DB display and processing. The Drupal site should be hidden from the user; ie they never need to login, logout or see any standard navigation menus, I've disabled all the Drupal blocks so users don't even know they are on a different server or site, it's iframed on the VLE!

Use Case
The user is logged into the VLE and clicks a link to go to a page on the Drupal server. As part of the normal menu access checks I need to validate who the VLE user is, check the username against the Drupal users, log them into Drupal and then display the requested page.

What I've got
I can quite happily oauth the user, and also the VLE provides an API that I can successfully use to find out who the user is! At this point I have an access token successfully written(I've manually updated the oauth_common_token table uid, type and authorized fields, cos I couldn't find out how to do it 'properly') and I am trying to log the user in. I've used the following code to log the user in...

global $user;

$user = user_load($uid, TRUE);
if ($user) {
  drupal_save_session(TRUE);
  $form_state = array();
  $form_state['uid'] = $uid;
  user_login_finalize($form_state);
  drupal_save_session(TRUE);
}

After all the oauth and the above login code I redirect back to the page that was originally requested, which will then just need to perform the user_access() method.

Because all machines are shared, and the user isn't logging out of Drupal at any point I need to oauth every page request to make sure that the Drupal user matches the VLE user.

Problem
I've added loads of debug statements and it appears that when I redirect back to the requested page, the user is not logged in anymore and it goes back to the VLE's oauth page; 'app want to connect with VLE - Connect'. I've spent nearly a week on this and the deadline is long since gone.

I don't know if this is because of my login code, or because of my usage of oauth using connector. How would somebody else implement the above use case using connector?

Many many thanks in advance!!