Authenticate already signed in user in my app

  • 0
  • 1
  • Question
  • Updated 12 months ago
  • Acknowledged
How do I authenticate an already signed in user in my app. 

User already logged in site.quickbase.com and clicks a formular button.
The button opens a new tab in the browser, which has my PHP app.

How can i authenticate this user in my app..instead of requiring the user to login
  
Photo of Kelechi

Kelechi

  • 102 Points 100 badge 2x thumb

Posted 12 months ago

  • 0
  • 1
Photo of Ⲇanom the ultimate (Dan Diebolt)

Ⲇanom the ultimate (Dan Diebolt), Champion

  • 26,502 Points 20k badge 2x thumb
You can't do this. The ticket issued when you log into QuickBase is inaccessible to JavaScript as it is saved and sent as a secure HTTP only cookie. The only way to gain access to a ticket via JavaScript is by immediately reading the XML response from API_Authenticate and this is not the mechanism used when doing a normal login to QuickBase through the web page.
Photo of Kelechi

Kelechi

  • 102 Points 100 badge 2x thumb
Thank you very much.. This is what i thought of initially.
Photo of Ⲇanom the ultimate (Dan Diebolt)

Ⲇanom the ultimate (Dan Diebolt), Champion

  • 26,372 Points 20k badge 2x thumb
Technically you are not supposed to share a QuickBase ticket among multiple users as it is probably against their terms of service. So even if you had access to the logged in user's ticket, sending it to your server and making API calls to QuickBase from your server might run afoul of the terms of service.
Photo of Kelechi

Kelechi

  • 102 Points 100 badge 2x thumb
Okay. This means the user will need to login again on the new app. A new user's ticket will be generated.

Now the default ticket hours is 24, What is the maximum ticket hours that can be specified.. I can't seem to find a definitive answer in the docs

Thank you
Photo of Ⲇanom the ultimate (Dan Diebolt)

Ⲇanom the ultimate (Dan Diebolt), Champion

  • 26,372 Points 20k badge 2x thumb
Logging in with API_Authenticate has a default lifetime of 12 hours. You can set &hours but I don't know what the maximum allowed value is as it is not documented and I never test it.

Most of my API work is done client side where the user is already logged in. You never have to call API_Authenticate in this scenario. The ticket will be sent on every call to quickbase.com automatically as a HTTP Only Cookie. 

In you scenario you would have to call API_Authenticate from your server to QuickBase and set the &hours parameter appropriately.