Forum Discussion

KelechiKelechi's avatar
KelechiKelechi
Qrew Trainee
7 years ago

Authenticate already signed in user in my app

How do I authenticate an already signed in user in my app. 

User already logged in site.quickbase.com and clicks a formular button.
The button opens a new tab in the browser, which has my PHP app.

How can i authenticate this user in my app..instead of requiring the user to login
  
Account and realm management
APIs and custom code

5 Replies

Sort By
  • _anomDiebolt_'s avatar
    _anomDiebolt_
    Qrew Elite
    7 years ago
    You can't do this. The ticket issued when you log into QuickBase is inaccessible to JavaScript as it is saved and sent as a secure HTTP only cookie. The only way to gain access to a ticket via JavaScript is by immediately reading the XML response from API_Authenticate and this is not the mechanism used when doing a normal login to QuickBase through the web page.
    • _anomDiebolt_'s avatar
      _anomDiebolt_
      Qrew Elite
      7 years ago
      Technically you are not supposed to share a QuickBase ticket among multiple users as it is probably against their terms of service. So even if you had access to the logged in user's ticket, sending it to your server and making API calls to QuickBase from your server might run afoul of the terms of service.
    • KelechiKelechi's avatar
      KelechiKelechi
      Qrew Trainee
      7 years ago
      Okay. This means the user will need to login again on the new app. A new user's ticket will be generated.

      Now the default ticket hours is 24, What is the maximum ticket hours that can be specified.. I can't seem to find a definitive answer in the docs

      Thank you
    • _anomDiebolt_'s avatar
      _anomDiebolt_
      Qrew Elite
      7 years ago
      Logging in with API_Authenticate has a default lifetime of 12 hours. You can set &hours but I don't know what the maximum allowed value is as it is not documented and I never test it.

      Most of my API work is done client side where the user is already logged in. You never have to call API_Authenticate in this scenario. The ticket will be sent on every call to quickbase.com automatically as a HTTP Only Cookie. 

      In you scenario you would have to call API_Authenticate from your server to QuickBase and set the &hours parameter appropriately.