Sign In Sign Up

Whoami API

Add Whoami endpoint to Flarum

Whoami API

Compatible with Flarum v1.8.5

Latest release v1.0.0

6 downloads

released on Nov 7, 2023

Tags

authentication

single sign-on

Whoami API by Vimar

MIT license

This extension adds a new endpoint "/api/whoami" which exposes the data of currently logged-in user. By using this route with the POST /api/token route, you can use Flarum as an identity provider for your site.

Installation

Install manually:

composer require vimar/flarum-whoami

Updating

composer update vimar/flarum-whoami
php flarum migrate
php flarum cache:clear

Tutorial for Flarum Authentication

Login

To emulate a login statement to Flarum, we just call the Flarum POST /api/token in order to crate a token for registered user:

POST /api/token HTTP/1.1

{
    "identification": "John",
    "password": "pass7word",
    "remember": 1
}

HTTP/1.1 200 OK

{
    "token": "YACub2KLfe8mfmHPcUKtt6t2SMJOGPXnZbqhc3nX",
    "userId": "1"
}

then we store this token as a cookie (eg: flarum_token) for future use (by default an access token lasts 1 hour unless you add the remember parameter, in which case it lasts for 5 years.).

Note: To enable SSO between our website and flarum, we need to store a session_remember token as flarum_remember cookie too;

Verify logged-in user profile

Now, each time we want to know if an user is logged-in, we only need to call the following endpoint:

POST /api/whoami HTTP/1.1
Authorization: Token YACub2KLfe8mfmHPcUKtt6t2SMJOGPXnZbqhc3nX

HTTP/1.1 200 OK

{
    "data": {
        "type": "users",
        "id": "4",
        "attributes": {
            "username": "John",
            "displayName": "Jon Doe",
            "slug": "John-Doe",
            "joinTime": "2003-04-02T20:29:29+00:00",
            "discussionCount": 125,
            "commentCount": 2799,
            "canEdit": true,
            "canEditCredentials": true,
            "canEditGroups": true,
            "canDelete": true,
            "lastSeenAt": "2023-11-07T09:43:13+00:00",
            "isEmailConfirmed": true,
            "email": "[email protected]",
            "markedAllAsReadAt": null,
            "unreadNotificationCount": 0,
            "newNotificationCount": 0,
            "preferences": {
                ...
            },
            "isAdmin": true,
            ...
        },
        "relationships": {
            "groups": {
                "data": [
                    {
                        "type": "groups",
                        "id": "1"
                    }
                ]
            }
        }
    },
    "included": [
        {
            "type": "groups",
            "id": "1",
            "attributes": {
                "nameSingular": "Admin",
                "namePlural": "Admins",
                "color": "#B72A2A",
                "icon": "fas fa-wrench",
                "isHidden": 0
            }
        }
    ]
}

Logout

To logout, we need to delete our session cookie (containing access token) and eventually purge all of them on Flarum by calling

Extiverse

Breaching the frontier in Flarum forum and community management.

Twitter GitHub

Support

Legal

© 2024 Hyn by DaniĆ«l "Luceos" Klabbers. All rights reserved. · Extensions and extension information is provided by the respective (copyright holding) authors. · Extiverse is not affiliated to the Flarum project or Flarum foundation. · Images on Extiverse pages are from Unsplash.