Web Service for User Login
| Project: | Drupal |
| Version: | 7.x-dev |
| Component: | base system |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | patch (code needs work) |
This patch adds an authentication to drupal's web service so clients accessing xmlrpc.php don't always have to be Anonymous. Implementation is simple:
1. Client requests an authentication token, basically a session id
2. Drupal checks their crudentials (username/password) (system.getToken) and returns a token (same as a PHP session id). This is the same as a login through user/login, the current session id (Anonymous) becomes a user.
3. All subsequent requests sent by the web service client go to: /xmlrpc.php?token={session id}
4. xmlrpc.php was modified to recreate the session with the logged in user.
5. Unrelated, but felt compelled to fix. At the end of an anonymous xml-rpc request, the record from {sessions} is removed from the db. Not sure if this would break anybody's functionality, but it seems strange to me to keep that session id around.
| Attachment | Size |
|---|---|
| xmlrpc_10.patch | 2.64 KB |
#1
this looks like a reasonable implementation to me ... i don't like #5 since some modules rely on session data even for anon users.
#2
#3
I have tried to apply this patch on Drupal 5.1, but I had to make some small modifications to make it work. See the attached patch, which is an updated version of the original, although without item #5 of the original post.
#4
I'm setting back the version to 6.x-dev, since I did not mean to make this a feature request for 5.1, just wanted to share the patch for Drupal 5.1 in case somebody needs it.
#5
No longer applies.
#6
Ideally Drupal will implement the new OAuth spec for this - http://oauth.net/
#7
OAuth doenst seem to be ready at the moment. But its a real nice idea definitly something for drupal 7
#8
Hi Guys
I am sorry I dont have so much deep knowledge in Technical like you guys.
I am currently facing 1 problem.
I am using Drupal 5.7 version now and i made 3 websites for different purposes but now i am thinking of making some web service in Java Which will provide a common login for all 3 websites.
Now i am reading about Service module but still cant figure it out how to implement it.
So is it possible to do like this and please can anybody guide me and how i should implement this patch??
Quick reply will be really appreciated.
Thanks to all in advance.
REgards
Ankit
#9
Ankit, please don't hijack hijack old issues for new support requests. A list of places to find support can be found at http://drupal.org/support
#10
This effort is being duplicated by the Services module, which doesn't seem sensible. Have you had a look at the User Service?
http://drupal.org/project/services
#11
It is quite common for functionality to start in Contrib and then find its way to core. Quite sensible, and common.
#12
Oh, yes - I don't dispute that for an instant - but these seem to be separate efforts, not contrib becoming core...? I'm suggesting there could be some liaison with the Services guys - I'm not making any comment on development paths in general... just this one.
It might be that the Services guys can remove their login/logout methods from their D7 version, but if there's no communication and you're both building the same thing...! See my point?