I am doing external authentication to my elgg site, I mean user sign into PHP based website we have and it internal calls elgg Rest webservices and creates a session. To implement this, I am calling the below URLS (giving example based on GET method )
http://myelggsite.com/services/api/rest/xml/?method=auth.gettoken&username=user&password=password
The above giving me the token and passing the token to below URL
http://myelggsite.com/services/api/rest/xml/?method=auth.verify&auth_token=<token from the above URL>
and then I am going to
http://myelggsite.com/
If I hit the three URLs manually on the browser , I mean run the first URL get value , form the second URL based on it and hit it on browser and get the Success XML file and the hit my elgg site . It signs in and takes me to dashboard, no issues. But this is done manually. So to automate this
I am using the below PHP code
<?PHP
$output = file_get_contents("http://myelggsite.com/services/api/rest/xml/?method=auth.gettoken&username=user&password=password
");
$token=substr($output,101,32);
$output = file_get_contents("http://myelggsite.com/services/api/rest/xml/?method=auth.verify&auth_token=$token");
header('Location: http://myelggsite.com/');
?>
But the above PHP takes me to the elgg login page and asks me for credentials. In first two steps authentication happend, so in the thrid step it should take me directly to dashboard, but that is not happening .
The token I am passing is correct. Even I printed the token and tried it manually and it worked. But to automate this using the above simple 3 lines PHP program it fails.
Any ideas what I am doing wrong ?
Thanks a lot for your help
Regards
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.