Integrating Single Sign-On

Wojciech Majerski, Chatwee CEO

by Wojciech Majerski

Chatwee API supports both HTTP and HTTPS requests. To integrate Chatwee with hosting website session mechanism two API calls have to be triggered.

Every request is using GET method to pass the parameters.

RemoteLogin

RemoteLogin should be called whenever user signs into the website.

Method endpoint

http://chatwee-api.com/api/remotelogin

Parameters

  • chatId
  • clientKey
  • login (user name on userlist)
  • avatar (possible values: 1 or 0, url pointing to user avatar image)
  • isMobile (flag indicating whether user uses mobile device)
  • ipAddress (IP address of the user to resolve his country name)
  • isAdmin (flag telling whether user is a moderator)
  • previousSessionId (previous user sessionId)

For RemoteLogin call server would respond with sessionId token which should be passed to the client browser using cookie file with chch-SI key and expiring date being 30 days later than current timestamp. Chatwee client will automatically seek for that cookie to find user session data and use it to authorize every further requests.

Example call

http://chatwee-api.com/api/remotelogin?chatId=CHAT_ID&clientKey=CLIENT_KEY&login=JohnnyDoe&avatar=AVATAR_URL&isMobile=1&ipAddress=127.0.0.1&isAdmin=1

RemoteLogout

RemoteLogout should be triggered whenever user signs out from the website.

Method endpoint

http://chatwee-api.com/api/remotelogout

Parameters

  • chatId
  • clientKey
  • sessionId (stored user token obtained by RemoteLogin)

Example call

http://chatwee-api.com/api/remotelogout?chatId=CHAT_ID&clientKey=CLIENT_KEY&sessionId=SESSION_ID

Example PHP implementation

RemoteLogin

<?php


$previousSessionId = isSet($_COOKIE["chch-PSI"]) ? $_COOKIE["chch-PSI"] : null;


//assembling HTTP request parameters

$url = "http://chatwee-api.com/api/remotelogin?chatId=CHAT_ID&clientKey=CLIENT_KEY&login=JohnnyDoe&avatar=AVATAR_URL&isMobile=1&ipAddress=127.0.0.1&isAdmin=1&previousSessionId=$previousSessionId";


//API call with retrieving response object

$response = json_decode(file_get_contents($url));

if(isSet($response->sessionId))

{


//reading and passing sessionId to client browser

$sessionId = $response->sessionId;


$hostChunks = explode(".", $_SERVER["HTTP_HOST"]);

$hostChunks = array_slice($hostChunks, -2);

$domain = "." . implode(".", $hostChunks);


setcookie("chch-SI", $sessionId, time() + 2592000, "/", $domain);


}

else

{

//an error occured

}


?>

RemoteLogout

<?php


//assembling HTTP request parameters

$url = "http://chatwee-api.com/api/remotelogout?chatId=CHAT_ID&clientKey=CLIENT_KEY&sessionId=SESSION_ID";


//API call

file_get_contents($url);


$hostChunks = explode(".", $_SERVER["HTTP_HOST"]);

$hostChunks = array_slice($hostChunks, -2);

$domain = "." . implode(".", $hostChunks);


//removing client Chatwee session by destroying the session cookie

setcookie("chch-SI", "", time() - 1, "/", $domain);


?>

Resources: