SSO | Forum
George
George Apr 30 '16
Can I add SSO (JSON) Web Token to my Oxwall site in the 1.8.2 update? I want to use SSO for registrations.
ross Team
ross May 1 '16
If you want to implement it in 1.8.2, this is considered a custom code modification. You had better wait for it; it will be implemented in the next update: http://www.oxwall.org/forum/topic/46363?page=1#post-179313 which is within 2-3 weeks.
George
George May 2 '16
Quote from ross: If you want to implement it in 1.8.2, this is considered a custom code modification. You had better wait for it; it will be implemented in the next update: http://www.oxwall.org/forum/topic/46363?page=1#post-179313 which is within 2-3 weeks.

Thanks very much for your prompt reply. I will wait.
George
George May 17 '16

Quote from ross: If you want to implement it in 1.8.2, this is considered a custom code modification. You had better wait for it; it will be implemented in the next update: http://www.oxwall.org/forum/topic/46363?page=1#post-179313 which is within 2-3 weeks.

Does 1.8.3 come with SSO?

ross Team
ross May 18 '16
Yes, every form now has hidden fields with CSRF tokens.
The Forum post is edited by ross May 18 '16
George
George May 18 '16

Quote from ross: Yes, every form now has hidden fields with CSRF tokens.
How can I implement JSON Web Tokens in your product?
ross Team
ross May 18 '16
It is already implemented. See my reply above. 
ross Team
ross May 18 '16
If you want to implement SSO, then it is considered a custom code modification. You will need to do that on your own or hire a programmer to do that for you.
George
George May 18 '16

Quote from ross: Yes, every form now has hidden fields with CSRF tokens.
How do you use it?
dave Leader
dave May 18 '16
My understanding (please correct me if I am wrong here): Anti-CSRF is different from Single Sign On (SSO).

One is a cross-site security measure token and one is for Single Sign On.

The Forum post is edited by dave May 18 '16
George
George May 18 '16
Quote from dave: My understanding (please correct me if I am wrong here): Anti-CSRF is different from Single Sign On (SSO).

One is a cross-site security measure token and one is for Single Sign On.

Okay. 
ross Team
ross May 18 '16
Yes, that's right, they are different things.

What is a CSRF token? The principle of a CSRF token is that every form has a unique hidden value, for example like this: MTQ2MzYzMjcyOHVaQU1PbmltMlh1bk9uRVBlSzE1aXB1VjFiT3J5NjNr, which is generated every time you visit the page with this form. This unique number is stored in the session file. The principle is the same as JSON Web Token: the number is generated in order for somebody not to forfeit the data being sent.

dave Leader
dave May 18 '16
OK, yes, because even if you use session_id() and POST they can still spoof both of those using special utilities, and also because the session id is visible in the URL. So the token is something they can't spoof because they can't get access to it to view it and it changes all the time. Correct?
ross Team
ross May 18 '16
Yes, correct
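
The two mechanisms discussed in this thread, side by side, as an added example that is not part of the original posts and is not Oxwall's code: a per-form anti-CSRF token checked against the server-side session, and an HS256 JSON Web Token whose signed claims can be verified without any session. The function names, the dict standing in for a session, and the demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Anti-CSRF (synchronizer) token: opaque random value kept in the server-side session.
def issue_csrf_token(session):
    session["csrf_token"] = secrets.token_urlsafe(32)  # new value per rendered form
    return session["csrf_token"]                        # goes into the hidden form field

def check_csrf_token(session, submitted):
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())

# JSON Web Token (HS256): signed claims that a relying site verifies with a shared key,
# without any per-user session state. That property is what SSO relies on.
def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims, key):
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify_jwt(token, key, now=None):
    """Return the claims if the signature and expiry are valid, otherwise None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never let the token choose it
        mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        if claims["exp"] <= (time.time() if now is None else now):
            return None  # expired
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

if __name__ == "__main__":
    session = {}                      # constructed stand-in for a server session
    field = issue_csrf_token(session)
    print("CSRF ok:", check_csrf_token(session, field), "| forged:", check_csrf_token(session, "x"))
    key = b"constructed-demo-key"     # constructed shared secret
    jwt = sign_jwt({"sub": "george", "exp": int(time.time()) + 300}, key)
    print("JWT claims:", verify_jwt(jwt, key), "| wrong key:", verify_jwt(jwt, b"other"))
```

The CSRF token only has meaning to the server that stored it in that one session, so it cannot carry a login to another site; the JWT carries identity claims that any site holding the key can check.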