I'm trying to understand the mechanics of login with YunoHost, for implementing automatic account login and creation for flarum. See also this guide on Flarum's side.
Here is what I gathered so far :
- Flarum can be extended to use alternative ways of login... Let's not look too far away and consider HTTP auth or LDAP.
- To do so, users will have to input their credentials somewhere : flarum's form, or SSOwat's ?
- If I choose the app's form, how can I check it against YunoHost ?
- Where do I send the
Authorization: Basic ... header, and how I can check if authentification is successful ?
- Or how can I connect directly to the LDAP server with the credentials, and get user information ?
- If I choose SSOwat, how do I redirect the user towards SSOwat to either check if they are already connected, or to prompt them SSOwat's login form ? Then again, how do I check if authentification is successful ? Some sort of token ?
- Then it's "only" a matter of creating the user on Flarum's side, if needed, or set a cookie to keep the authentification. I'm far from it. I can also have a hook on YunoHost's side to interact with Flarum API to create users in Flarum DB as soon as a new user is created in YunoHost.
LDAP way seems a bit more elegant, as it may deliver also the user's avatar ?
I've tried to have a look to other apps, to understand how they do it, but I'm at loss. Can I have the community's input ?