External JSON Authentication

Note: Bluetrait 8.0 will use a new encryption system compatible with PHP 7.2+. Docs will be updated once it is released.

Tickets 3.5+ and MrPassword 3.0+ support a new authentication system based on JSON.

This system allows you to more easily authenticate users to an external database without the need to run a full Active Directory or LDAP server.

All our applications will include support for this style of authentication.

We have attached a PHP script that acts as the "server" component. You would include this script (with modifications) with your external application.

The external application can be running on another server or web host.

External Authentication

Tickets allows you to authenticate users against an external system or database.

For example, if you have an existing phpBB forum installed, you can allow users of this forum to log in to Tickets without signing up for an account. This also means that the user can always use the same password on Tickets as on the external system.

This system works by installing a small piece of code on your external system, which Tickets queries whenever a user logs in.

Tickets uses a combination of HTTP(S), JSON, Rijndael 256 and base64 encoding to transmit and receive requests.

For added security it is recommended that your external application use SSL.

How it works

  1. User visits your Tickets site.
  2. User types in their existing username & password from your external system.
  3. In the background, Tickets submits an HTTP request to your nominated URL (the one that contains the authentication code).
  4. Your external system replies with a success or failure message.
  5. If it is a success Tickets will automatically create a new user account and log the user in.
  6. If it is a failure Tickets will display a login failed message.

Tickets sends the following HTTP post array:

Array ( 
    [data] =>
    {
        "username":"johnsmith",
        "password":"1234",
        "task":"authenticate",
        "api_version":1,
        "program_version":"4.1",
        "program_name":"dalegroup.tickets"
    }
    [site_id] => 1 
)

The data array is encoded using base64 and then encrypted using Rijndael 256.

The Site ID value is posted without any encoding or encryption, allowing you to have different Tickets sites authenticating to a single URL.

Because the data array is encrypted, the encryption key on the Tickets site and the key on your site must match.

Tickets expects to receive the following response:

Array ( 
    [success] => 1
    [name]    => "John Smith"
    [email]   => "john@example.com"
)

OR

Array ( 
    [success]     => 0
)

Again this array is encoded using base64 and then encrypted using Rijndael 256.
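
The request and response framing described above, as an added example that is not the attached server script: a PHP handler that takes the `data` value after the Rijndael 256 layer has been removed and returns the reply to be encrypted. The function names, the in-memory user store and the JSON serialization of the reply are assumptions; the cipher step is left to the application because this page does not give its mode or IV handling.

```php
<?php
declare(strict_types=1);

// Added example, not the vendor's script. All names here are hypothetical.
// Constructed sample user store; a real site would query its own database.
function sample_users(): array
{
    return ['johnsmith' => [
        'hash'  => password_hash('1234', PASSWORD_DEFAULT),
        'name'  => 'John Smith',
        'email' => 'john@example.com',
    ]];
}

// Assumption: the reply is serialized like the request, JSON then base64.
function encode_reply(array $reply): string
{
    return base64_encode(json_encode($reply));
}

// $decrypted is the posted "data" value after decryption: base64 wrapping JSON.
// Every malformed, unexpected or unauthenticated request gets the same reply.
function handle_auth(string $decrypted, array $users): string
{
    $fail = encode_reply(['success' => 0]);
    $json = base64_decode($decrypted, true); // strict: reject non-base64 input
    $req  = $json === false ? null : json_decode($json, true);
    if (!is_array($req)
        || ($req['task'] ?? null) !== 'authenticate'
        || ($req['api_version'] ?? null) !== 1
        || !is_string($req['username'] ?? null)
        || !is_string($req['password'] ?? null)) {
        return $fail;
    }
    $user = $users[$req['username']] ?? null;
    // password_verify() compares in constant time against the stored hash.
    if ($user === null || !password_verify($req['password'], $user['hash'])) {
        return $fail;
    }
    return encode_reply(['success' => 1, 'name' => $user['name'], 'email' => $user['email']]);
}

// Constructed request matching the sample payload shown above.
$request = base64_encode(json_encode([
    'username' => 'johnsmith', 'password' => '1234', 'task' => 'authenticate',
    'api_version' => 1, 'program_version' => '4.1', 'program_name' => 'dalegroup.tickets',
]));
echo base64_decode(handle_auth($request, sample_users())), "\n";
echo base64_decode(handle_auth('not base64!', sample_users())), "\n";
```

Because `site_id` arrives unencrypted, a handler serving several Tickets sites should treat it only as a lookup key for the matching encryption key and return the same failure reply when the value is unknown.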