Announcement

Collapse
No announcement yet.

External Authorization

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • External Authorization

    Hello,

    I'm trying to do the following:

    1) user is authenticated and authorized by Apache
    2) Apache uses fcgi and php-fpm to run EspoCRM, it passes Authorization header to EspoCRM
    3) EspoCRM "user" table contains all valid users (without passwords)
    4) I've added "External" authorization module, that looks up user by name passed to "login" method, without password check.

    The problem is that it doesn't actually work - External module is called, user is found and returned from its "login" method, but browser still shows "login" screen.
    There are no errors in log.

    What do I miss?

    Thanks!

  • #2
    I do not think, that you can authenticated EspoCRM user only by Apache. EspoCRM uses Basic Authorization for API requests, but not for all application.
    Job Offers and Requests

    Comment


    • #3
      Thank you for prompt reply!

      I do not think, that you can authenticated EspoCRM user only by Apache. EspoCRM uses Basic Authorization for API requests, but not for all application.
      I believe it should be possible if I do have full access to source code and database.
      Would it work if I populate auth_token table with "infinite" tokens and then pass those tokens as a cookie from Apache to EspoCRM?

      Thanks!

      Comment


      • #4
        Source code is available here https://www.espocrm.com/download/. You can check all requests, cookies and local storage via DevTools (F12 in Chrome).
        Job Offers and Requests

        Comment

        Working...
        X