Aura.Auth - Additional authentication variable
21 views
Skip to first unread message
Andy Tr
Feb 7, 2017, 8:58:23 AM2/7/17
to The Aura Project for PHP
Hi all,
I'm a relative PHP beginner, being self-taught and writing code for 20 hours per week for the last 7 months or so.
I've written a web-app, which is using Aura.Auth to authenticate based on email address and password at present. However, I've realised that some of my potential users are likely not to have an email address, therefore need some other way of securely identifying them. I've come to the conclusion that using a "company ID" (unique customer company-wide login name) + username + password is probably the best method in terms of security and easy to remember for the users.
Does anybody have any pointers on how I would go about configuring the Auth module to accept the company ID + username + password combination, without hacking it to bits, please?
Cheers
Andy
Hari K T
Feb 7, 2017, 11:43:06 AM2/7/17
to aur...@googlegroups.com
Hi Andy Tr,
Nice to see you here, and good to know you as a beginner has found Aura, and is using it without much pain :-) .
Sorry to say that your use case is not covered in the current scenario.
But you are not limited to write your own adapter in this case.
You can extend https://github.com/auraphp/Aura.Auth/blob/f83060d3004af3777f0fc2b6c6672174e6133f7d/src/Adapter/AdapterInterface.php#L32
which can have the company_id, username, password and authenticate with the system.
Thank you
Hari K T
You can ring me : +91 9388 75 8821
http://harikt.com , https://github.com/harikt , http://www.linkedin.com/in/harikt , http://www.xing.com/profile/Hari_KT
You can ring me : +91 9388 75 8821
http://harikt.com , https://github.com/harikt , http://www.linkedin.com/in/harikt , http://www.xing.com/profile/Hari_KT
Skype : kthari85
Twitter : harikt
--
You received this message because you are subscribed to the Google Groups "The Aura Project for PHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to auraphp+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Andy Tr
Mar 7, 2017, 9:53:43 AM3/7/17
to The Aura Project for PHP
Hi Hari,
Apologies for not responding to your reply. I didn't receive any notification from the group that somebody had posted on this thread. After a brief period looking at the login script I had written to use Aura, I found a very simple way to resolve my problem...
I have a master 'users' table which Aura.Auth uses for credentials. I simply added another column for 'business', then passed everything to Aura.Auth as $business . '\\' . $user, which it takes as the full username, rather than two separate variables. I'm unsure if this introduces any new security flaws, but I don't think it does, from what I can see.
Cheers
Andy
Reply all
Reply to author
Forward
0 new messages