The OAuth 2.0 protocol allows secure retrieval of resources while protecting your users' data. Logora offers an OAuth 2.0 compliant authentication service, which allows you to automatically log your users in to the Logora application once they are logged in to your authentication system.
- Go to your Administration Space (Configuration > Authentication tab) to choose the authentication mode.
- Get your API key and your secret key.
- When a user logs into your website, get a temporary access token by requesting authorization from our OAuth 2.0 server.
- Send the user's information to our server by passing the access token, and retrieve a session ID linked to the connected user. If Logora does not know this user, this user is registered with us.
- Pass the session ID to the Logora application, which uses it to identify the user.
- When the user logs out of your system, call the Logora logout route.
An OAuth 2.0 access token is generated using your API key and secret key, through a POST request to our authorization route. Example using Curl:
If the request is successful, it returns an access token in the access_token attribute. This access token is valid for two hours. The created_at attributes are used to calculate the expiration date of the token.
With the access token, you can pass the user's information to Logora. When a user logs in through your authentication system, call the Logora login route. This route returns a session ID related to the user.
The Bearer OAuth 2.0 access token retrieved in step 1 must be transmitted via the HTTP Authorization header.
The user information consists of:
- uid (required): unique identifier of the user in your system, e.g. their ID in your database.
- first_name (required): the user's first name or nickname.
- last_name (optional): the user's last name.
Here is an example of a connection with CURL:
To identify the connected user, the Logora application must know his session identifier. Transmit this identifier via the
WARNING: check that the transmitted parameters are not behind a cache. The session ID must always be up to date, regardless of the user's state, logged in or not.
When the user disconnects from your authentication system, call Logora's logout route by passing the session ID, or remove the
Here is an example of a logout request:
When a user who is not logged in wants to perform an action on the debate space or overview, they are redirected to your login or registration page. When inserting the debate space or overview, you can set the login and registration URLs via the auth.login_url and auth.registration_url variables respectively:
When redirecting, a logora_redirect request parameter is passed, containing the URL of the page before redirection. Use this parameter to redirect the user after login or registration. The name of the parameter can be changed, for example to redirect_to (https://yourwebsite.fr/login?redirect_to=URL_ORIGINE). To change the parameter name, use the auth.redirectParameter variable.
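Because the redirect parameter arrives in the query string, your login page should confirm that it points back to your own site before using it. The following is an added example, not Logora's code: `SITE_ORIGIN`, `FALLBACK_PATH` and `safeRedirectTarget` are assumed names, and the sample URLs are constructed.

```javascript
// Assumed values for illustration: your site's origin and a default landing page.
const SITE_ORIGIN = "https://yourwebsite.fr";
const FALLBACK_PATH = "/";

// Returns a same-origin URL that is safe to redirect to after login or
// registration, or the fallback when the parameter is missing, malformed
// or points to another site. paramName matches auth.redirectParameter.
function safeRedirectTarget(requestUrl, paramName = "logora_redirect") {
  const fallback = new URL(FALLBACK_PATH, SITE_ORIGIN).href;
  let raw;
  try {
    raw = new URL(requestUrl, SITE_ORIGIN).searchParams.get(paramName);
  } catch {
    return fallback; // the incoming request URL itself is malformed
  }
  if (!raw) return fallback;
  // Defense in depth: control characters and backslashes are normalised
  // differently across URL parsers, so refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  let target;
  try {
    target = new URL(raw, SITE_ORIGIN); // relative paths resolve on-site
  } catch {
    return fallback;
  }
  // Scheme, host and port must all match; this also rejects
  // protocol-relative ("//host") and non-HTTP(S) schemes.
  if (target.origin !== SITE_ORIGIN) return fallback;
  if (target.username || target.password) return fallback;
  return target.href; // redirect to the normalised form, not the raw string
}

// Constructed sample requests to the login page.
const samples = [
  "/login?logora_redirect=https%3A%2F%2Fyourwebsite.fr%2Fdebat%2F12",
  "/login?logora_redirect=%2Fdebat%2F12%3Fpage%3D2",
  "/login?logora_redirect=https%3A%2F%2Fother.example%2F",
  "/login?logora_redirect=%2F%2Fother.example%2F",
  "/login",
];
for (const s of samples) console.log(s, "->", safeRedirectTarget(s));
```

If you renamed the parameter with auth.redirectParameter, pass the same name as the second argument, e.g. `safeRedirectTarget(url, "redirect_to")`.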