Web service with application-level and user-level authentiation

drupal.stackexchange https://drupal.stackexchange.com/questions/3738

  •  16-10-2019
  •  | 
  •  

Pergunta

I need to create a Drupal site (D6 or D7 are both OK) with an API. The Services module is the obvious choice, but I couldn't yet figure out if it is possible to do what I want.

My site will contain users and a list of mobile apps that are known to the site. Every user has an 'activity log' on the site (probably a view of nodes where type = activity and user = current user). The users can use one or more of those apps on their mobile devices. When a user does something with an app, the app should connect with the site through the API and write a message (ie. create an 'activity' node) in the user's activity log.

As far as I can see, I will need two levels of authentication. On the application level, the mobile app should identify itself as one of the known apps. On the user level, the user must log in with his username and password, to make sure that his actions will end up in the correct activity log.

I have not yet figured out the best way to do this with Services and related modules. I hope someone can tell me:

  • if it can be done;
  • which version of Services I need;
  • which related modules could be used for authentication;
  • how to configure them.

Thanks!

Foi útil?

Solução

Under D6, using Services 3.x

It may be more easy to consider that:

  • User authentication should be handled directly by Services (OAuth/API/Session)
  • Using an specific mobile app is a Permission:
    • in your module, in the resources definition, add a access_callback & access arguments:

Code:

/**
* Implementation of hook_services_resources().
*/
function mymodule_api_services_resources() {
  return array(
   'myresource' => array(
     'retrieve' => array(
       'callback' => '_mymodule_resource_retrieve',
       'access callback' => '_mymodule_api_access',
       'access arguments' => array('Use registered mobile app'),
       'access arguments append' => TRUE,
       ...

  • add corresponding permissions in a my_module_permission() hook: Code:

    /**
* Access callback for the resource.
*
* @param string $op
*  The operation that's going to be performed.
* @param array $args
*  The arguments that will be passed to the callback.
* @return bool
*  Whether access is given or not.
*/
function _mymodule_api_access($op, $args) { ... }

  • And then return false if the mobile app is not registered...

Licenciado em: CC-BY-SA com atribuição
Não afiliado a drupal.stackexchange
scroll top