pre_loginpage_hook() for authenticating users with tokens

pre_loginpage_hook() for authenticating users with tokens

by Farhan Karmali -
Number of replies: 3
Picture of Core developers Picture of Plugin developers Picture of Testers

Hi

So we are developing a native android app . For now we have a requirement to make the quiz and scorms open in web view  within the app rather than use web services . Now the issue is when the user is directed to click on the quiz link or scorm link , it opens up in web view and this asks him to login again. I was hoping to eliminate this  . So I made my own auth plugin which has a pre_loginpage_hook function and along with the quiz / scorm link we will append the token . The pre_loginpage_hook will read the token , validate it , log in the user and redirect him to where he wants.


I just wanted to know if someone sees something wrong in doing this? I do  know from a security prespective it is opening a hole but thats what the client want.


Any feedback would be much appreciated 

Average of ratings: -
In reply to Farhan Karmali

Re: pre_loginpage_hook() for authenticating users with tokens

by Farhan Karmali -
Picture of Core developers Picture of Plugin developers Picture of Testers

Hi ,


Anyone ?  any thoughts

Average of ratings: -
In reply to Farhan Karmali

Re: pre_loginpage_hook() for authenticating users with tokens

by Darko Miletić -

That is fine as long as tokens can be used only once and have expiration.

Average of ratings: Useful (1)
In reply to Darko Miletić

Re: pre_loginpage_hook() for authenticating users with tokens

by Farhan Karmali -
Picture of Core developers Picture of Plugin developers Picture of Testers
Thanks , Yes the tokens are set to auto expire in few hours
Average of ratings: -