Home/ Questions/Q 9210893
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T01:10:40+00:00

EDIT Originally I thought Oauth2 is the way to go but maybe it is

  • 0

EDIT Originally I thought Oauth2 is the way to go but maybe it is not. I’ll leave that out of this question for now as it is confusing things.

I’m creating a mobile app (Android/iOS). I’d like the user to enter their credentials (user/pass) in the mobile device which would then get sent to my server (Joomla CMS) to verify the credentials and create/send a token. I don’t want to store the user/pass on the device just the token.

In addition this token needs to have a timeout to be refreshed when needed. Such as credentials have changed.

At this point I’m trying to figure out what the architecture of this will look like.

Are there any tutorials on how you can achieve this (ideally with Joomla)? Anything that someone could point me to?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The end solution is to create my own Joomla component. Pretty much everything is in my controller. Not the final code but something like this will work.

    defined('_JEXEC') or die;
jimport('joomla.application.component.controller');

class FooauthController extends JController
{
function __construct() {
    // params
    $jinput = JFactory::getApplication()->input;
    $this->username = $jinput->get('user', '', 'STRING');
    $this->password = $jinput->get('password', '', 'STRING');
    $this->checkParameters();
}

private function checkParameters() {
    // datatype checks

    if ($this->username == '' || $this->password == '') {
        header('HTTP/1.1 400 Bad Request', true, 400);
    }

}

private function createToken() {
    // token generation - what Joomla does (just an example)
    jimport('joomla.user.helper');
    $salt   = JUserHelper::genRandomPassword(32);
    $crypted  = JUserHelper::getCryptedPassword($password, $salt);
    $cpassword = $crypted.':'.$salt;
    return $cpassword;
}

function execute() {
    // Get the global JAuthentication object
    jimport( 'joomla.user.authentication');
    $auth = & JAuthentication::getInstance();
    $credentials = array( 'username' => $this->username, 'password' => $this->password );
    $options = array();
    $response = $auth->authenticate($credentials, $options);

    // success
    if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
        $response->status = true;
        echo json_encode($this->createToken());
    } else {
        // failed
        $response->status = false;
        echo json_encode($response);
    }

}

    }

    This represents a component called com_fooauth. Now the native app will send a query like this: 

    http://www.myhost.com/index.php?option=com_fooauth&user=username&password=pass&format=raw

    Kind of a short cut to put everything in the controller, but hopefully you get the idea.

    • 0