REST WebServices for Register/Login/Authentication

Thomas PAPIN

Jul 23, 2015, 5:18:41 AM
to joomla-dev-cms
Hello,

I was wondering if an "official" support/component is already planned for Joomla, or exists as a third party, to allow Registration / Login / Check Authentication as REST services?

If there is nothing, for registration/login I see how this could be done, but for authentication on the next webservice requests I was wondering what the best practice would be?
Use a token on each request. In this case, could we use the PHP session_id as the token and create a system plugin to load the correct session?

Due to the use of a token in the URL, requests should also be over HTTPS.

Thomas PAPIN

Jul 23, 2015, 5:20:18 AM
to joomla-dev-cms
I just found this project on github
https://techjoomla.com/rest-api-for-joomla

Niels Braczek

Jul 23, 2015, 5:54:05 AM
to joomla-...@googlegroups.com
On 23.07.2015 at 11:18, Thomas PAPIN wrote:

> I was wondering if an "official" support/component is already planned for
> Joomla, or exists as a third party, to allow Registration / Login / Check
> Authentication as REST services?

https://github.com/joomla-projects/webservices

--
| New Stars on the Horizon: GreenCape · nibralab · laJoom |
| http://www.bsds.de · BSDS Braczek Software- und DatenSysteme |
| Webdesign · Webhosting · e-Commerce · Joomla! Content Management |
------------------------------------------------------------------

Chris Davenport

Jul 23, 2015, 3:03:46 PM
to Joomla! CMS Development
I would not advise using the code in the Joomla webservices repository yet.  It will be radically refactored over the coming months.

Chris.

--
Chris Davenport
Joomla Production Leadership Team

Thomas PAPIN

Jul 24, 2015, 1:57:30 AM
to joomla-dev-cms
ok

Ashwin

Aug 24, 2015, 11:40:21 PM
to Joomla! CMS Development
Although not official, you can surely use
https://github.com/techjoomla/com_api

We're using it for scores of client projects and it is pretty stable for what it does.

There's a user plugin that should take care of most of what you need. I'd be happy to help if you had any questions.

Ronni Christiansen

Aug 25, 2015, 10:13:12 AM
to Joomla! CMS Development

Once the adoption to Joomla Core is over you can swap over to that one - but we use it in redCORE all the time for apps, ERP integrations etc. :)

Johan Janssens

Aug 25, 2015, 7:09:57 PM
to Joomla! CMS Development
Hi Thomas,

Registration, login and authentication are very different things. They are all related, but it seems from your question you are mostly referring to the authentication part, so I will stick to that in my reply.

Using the session_id for REST authentication is really not ideal. Session IDs are not built for this. For security reasons session IDs are set up to only be transported through session cookies; they are not part of the URL. REST often runs in a cookieless environment.

Also, using the session ID would imply that a session would need to be started for each request. Currently this is one of the performance issues in Joomla that still need to be resolved.

A better approach would be to use stateless authentication. Possible solutions are:


A good overview of REST auth can also be found here: http://www.django-rest-framework.org/api-guide/authentication/

For a very simple basic auth solution for Joomla you can check our Basic Auth plugin on GitHub: https://github.com/joomlatools/joomla-basicauth/blob/master/basicauth.php

Happy coding!

Johan

Thomas PAPIN

Sep 2, 2015, 6:42:45 PM
to joomla-dev-cms
Hello,

Thanks for your answer. Based on research and feedback from several people, my scenario is currently the following one:

- If HTTPS is available, use Basic Auth, otherwise use TOTP for "login" (I don't want to send plain username, password)
- login will return a token (currently token = session_id, maybe in future I will switch to JsonWebTokens, but I don't see yet why JsonWebTokens is more accurate than a simple session_id?)
- then the token will be sent on each request (stateless) in the Authorization HTTP header.
- A Joomla plugin like yours will check the Authorization HTTP header and try to load the PHP session with session_id.
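
Added example, not code from any participant in this thread or from the linked projects: a minimal HMAC-signed bearer token in plain PHP, illustrating the difference the thread discusses between a session_id (an opaque key the server must look up by loading a session) and a stateless token (the server verifies a signature and expiry, with no session started). It is a simplified stand-in for a signed-token scheme such as JSON Web Tokens, not a JWT implementation; all function names, the token layout and the sample values are assumptions, and no Joomla API is used.

```php
<?php
// Hypothetical helpers for illustration; the token layout is payload.mac, both base64url.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(int $userId, string $secret, int $ttl = 900, ?int $now = null): string
{
    $payload = b64url(json_encode(['uid' => $userId, 'exp' => ($now ?? time()) + $ttl]));
    // The MAC binds uid and exp to a server-side secret, so the client cannot alter them.
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

function verifyToken(string $token, string $secret, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    // Constant-time comparison, done before the payload is decoded or trusted.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !is_int($claims['uid'] ?? null) || !is_int($claims['exp'] ?? null)) {
        return null;
    }
    return $claims['exp'] > ($now ?? time()) ? $claims['uid'] : null;
}

function bearerFromHeader(string $header): ?string
{
    return preg_match('/^Bearer\s+([A-Za-z0-9_\-.]+)$/', $header, $m) ? $m[1] : null;
}

// Constructed sample run: the secret, user id and timestamps are made up.
$secret = random_bytes(32);
$header = 'Bearer ' . issueToken(42, $secret, 900, 1000);
$token  = bearerFromHeader($header);
var_dump(verifyToken($token, $secret, 1500));        // checked inside the token lifetime
var_dump(verifyToken($token, $secret, 2000));        // checked after exp has passed
var_dump(verifyToken($token . 'x', $secret, 1500));  // MAC altered by one character
```

A token of this kind cannot be revoked before its expiry without some server-side state, which is the trade-off against a session_id that can simply be destroyed.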
