Drupal login integration?

[sk89q]

Anyone have experience or knowledge on integrating PHP apps (custom) with Drupal?

[XtremeBain]

Nope, but I'm willing to bet that writing hooks or a wrapper for it wouldn't be too difficult considering that there are things like the OpenID and LDAP authentication modules for Drupal (which obviously won't help you too much, other than to see what methods they use to perform the authentication).

I discussed briefly with jitspoe the possibility of opening up an authentication API for dplogin.  It already is right now, but I don't feel comfortable using it because it's intended for the in-game login.  That being said it would generate tons of session tokens originating from the webserver's IP, and some players may be weary of supplying their login information a non-dplogin site.  I'd love to see dplogin be an early adopter of OAuth, but I'd settle for something simpler, as long as I know it won't interfere with things like cheat detection, account tracking, etc.

[sk89q]

I could, yes, go through Drupal's code to see how the login session is handled, but I was hoping someone had already tackled the problem previously.

As for the open authentication system, the actual login could be performed on dplogin.com, but the credentials could be passed back to the site needing the login. That way, dplogin.com will not have to trust a third party, players will not have to trust a third party, and the third party will not have to trust the player. Nobody loses, other than for some inconvenience. For more convoluted login procedures, they could be allowed through a different API on a case by case basis. One thing to note about this system is that it requires an elevated sense of awareness on the player's part; the player must ensure that the login page is at the right URL, and not at a falsified one.

[y00tz]

players will not have to trust a thirty party

30 parties is too many, I agree.

I'm completely for an open auth system, it would allow for dpclans.com to actually get some good use.

[sk89q]

Yes, it would great to integrate (it even rhymes!).

[jitspoe]

The players would still have to trust a 3rd party.  You'd be entering your password into a different site, right?

[XtremeBain]

Players would click the login link that would redirect them to an official dplogin.com sign in page.  Then after submitting their credentials they would be redirected back to originating site as a signed in user.  AJAX could make it a little less seamless on the user's end, too.  The other site can store the token that dplogin.com returns and keep it in the active session, or store it as a cookie.

It's also be really good to have some XML or JSON output for the user and clan profile pages.

[sk89q]

Using Ajax would mean the form would be on the third party site, so it would be the same thing.