This authentication mode allows to automatically connect users to Logora once they are authenticated through your login system. This method uses a JWT token (JSON Web Token) with your secret key to convey the user's data to Logora.
- Go to your Administration space (Configuration > Authentication) to choose the authentication mode
- Get your API secret key. This secret key will be used to create the JWT token. It must be kept confidential.
- When the user connects to your website, you must create a JWT token containing the user's information. It will be transmitted to Logora.
- The Logora application detects the JWT token, decodes it, verifies it and registers or connects the user.
WARNING : the JWT token transmitted to Logora must always be updated according to the state of the user, whether they are connected or not. If the pages of your website are behind a cache, especially the pages that contain the debate summary, it is possible that the JWT token is not updated. If caching is interfering with the creation of the JWT token, use another authentication method.
It must include the following case-sensitive attributes:
uid: unique identifier associated with the user in your database.
first_name: user's first name, or username if
last_name(optional): the user's last name.
avatar(optional): link to the user's avatar.
iat: date of generation of the JWT token
Example in pseudo-code
remote_auth, in the debate space code.
To disconnect the user, remove the
remote_auth parameter or transmit an empty string. If the parameter is empty, Logora considers that the user is disconnected.
When a user who is not logged in wants to perform an action on the debate space, they are redirected to your login or registration page. When inserting the debate space and the overview, you must define the login and registration URLs via the auth.login_url and auth.registration_url variables respectively.
When redirecting, a logora_redirect request parameter is passed, containing the URL of the page before redirection. Use this parameter to redirect the user after their login or registration. The name of the parameter passed can be changed, it can be for example set to redirect_to. To change the parameter name, use the auth.redirectParameter variable.