Mixing Authentication in one request...

  • Andreas Haugstrup Pedersen

    Your access token is not invalidated when you perform another authentication, but you do need to manage them yourself if using one of our API clients. This is the same for all authentication types.

    E.g. the PHP client (which I'm assuming you're still using) will create a new instance of PodioOAuth and Podio::$oauth will be set to the new value and the existing PodioOAuth will not be stored.

    So before authenticating a second time you need to store Podio::$oauth somewhere and when you want to switch between two authentications you'll switch out Podio::$oauth as needed.

    The other API clients work in roughly the same way.

    Nb. The very basic session manager that is turned on by default in the PHP client (the newest PHP client, that is) will most certainly become quite confused and you should turn it off or implement your own based on your specific needs.

    Nb. Since the server-side flow by necessity requires redirects to podio.com you'll risk getting some confused users if you ask them to do multiple authentications as different users since the 1st user will still be logged into podio.com when it's time for the second user to authenticate.

    /Andreas

  • Patrick Steil

    Thanks Andreas!

    On my 3rd question, I don't need multiple server side flow auths, just one server side flow and then auth with multiple Apps... but I think you answered that...

    When you said:

    E.g. the PHP client (which I'm assuming you're still using) will create a new instance of PodioOAuth and Podio::$oauth will be set to the new value and the existing PodioOAuth will not be stored.

    So before authenticating a second time you need to store Podio::$oauth somewhere and when you want to switch between two authentications you'll switch out Podio::$oauth as needed.

    This is to store the server side flow oauth, yes? Is this also for the App Auth?

    If it is handled differently, what do I do to auth to multiple Apps in the same request?

    Sorry, I got confused by "Nb." ??? :)

    Patrick

  • Andreas Haugstrup Pedersen

    Hey Patrick,

    Sorry about "Nb." -- I forget that Americans don't use that abbreviation. It just means: "Please pay attention to what comes next". In this case I wanted you to note a couple of caveats.

    Back to the important content: Since you only have a single server-side flow the concept is exactly as described. You'll need to keep track of the oauth objects yourself and switch them into and out of the API client as needed.

    It's the same deal with app auth and server-side auth since both result in the same type of oauth object.

    It still stands that if you're using the current PHP client you need to disable the built-in session manager or you'll run into trouble on subsequent page requests as the session manager will save the last used authentication and use that (and that kind of randomness is not what you want, you'll want to control everything manually).

    /Andreas

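Added example, not part of the thread or of the Podio client: one way to keep track of the oauth objects yourself and switch them into and out of Podio::$oauth, as the answers above describe. OAuthKeyring and its methods are hypothetical names, the token strings are constructed, and the two stand-in classes exist only so the sketch runs without the library.

```php
<?php
// Stand-ins so the sketch runs without the Podio library; skipped when it is loaded.
if (!class_exists('Podio')) {
    class PodioOAuth {
        public $access_token;
        public function __construct($token = null) { $this->access_token = $token; }
    }
    class Podio { public static $oauth; }
}

// Hypothetical helper: keeps one oauth object per identity and swaps it
// into Podio::$oauth only for the duration of a callback.
class OAuthKeyring {
    private $tokens = array();

    // Call right after each authentication to capture the new Podio::$oauth.
    public function remember($label) {
        $this->tokens[$label] = Podio::$oauth;
    }

    public function runAs($label, callable $work) {
        if (!isset($this->tokens[$label])) {
            // Fail closed rather than run under whichever token is active.
            throw new InvalidArgumentException("No stored auth for '$label'");
        }
        $previous = Podio::$oauth;
        Podio::$oauth = $this->tokens[$label];
        try {
            return $work();
        } finally {
            // Keep the object the client holds now (assumes $work did not
            // authenticate as someone else), then restore the prior identity.
            $this->tokens[$label] = Podio::$oauth;
            Podio::$oauth = $previous;
        }
    }
}

// Constructed demo values; real code would authenticate here instead.
$keyring = new OAuthKeyring();
Podio::$oauth = new PodioOAuth('constructed-user-token');
$keyring->remember('user');
Podio::$oauth = new PodioOAuth('constructed-app-token');
$keyring->remember('app:1');

$seen = $keyring->runAs('user', function () {
    return Podio::$oauth->access_token; // API calls for this identity go here
});
echo "inside runAs: $seen\n";
echo "afterwards:   " . Podio::$oauth->access_token . "\n";
```

Persisting the keyring between page requests is left to your own session handling, since the answers above advise against relying on the built-in session manager when more than one authentication is in play.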
