Podio Authentication - App AND User
In our application, we need to authenticate as an app sometimes and as a user sometimes... so we use both forms of authentication...
Trying to streamline this to remove duplicate/redundant authentications...
I would like to understand more about what happens if I do something like this:
Scenario 1:
<App Authentication>
... do some code ...
<User Authentication>
... do some code ...
<App Authentication>
Scenario 2:
<User Authentication>
... do some code ...
<App Authentication>
... do some code ...
<User Authentication>
It appears to me that each authentication that we do basically "wipes out" the previous authentication... so if I was using App auth and then call the User Auth, I lose my App Auth...
Is there a way to be authenticated as both User and App at the same time?
And even authenticated as multiple Apps at the same time?
Would love to understand how this security works under the covers better... thanks!
Patrick Steil
-
Hi Patrick,
Look at the authenticate method in the Podio class: https://github.com/podio/podio-php/blob/master/lib/Podio.php#L45
You can see that after you call authenticate the $oauth class variable is set to contain the new authentication tokens, overwriting anything that may have been there before. In other words: Yes, you can only be authenticated as one entity at a time.
To switch authentications you will need to do your own grunt work. Before switching authentication you must store the currently active authentication tokens somewhere else. You have full access to the $oauth variable so you can do whatever you want.
When switching back you can simply restore the value of $oauth to your old tokens and you'll be authenticated as the old entity.
So, yes, it's possible to make API calls as two different entities in the same request, but if you don't want to re-authenticate each time you switch you will have to do the grunt work yourself.
You will also want to disable the built-in session manager as it will get confused if you switch authentication tokens around. See the last example here: https://github.com/podio/podio-php/blob/master/examples/session-manager.php
All the best,
Andreas
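
The save-and-restore approach described in the answer above, as an added example that is not part of the original thread or the podio-php project. It assumes the legacy static client (`Podio::$oauth`, `Podio::authenticate_with_app`, `Podio::authenticate_with_password`); the `PodioIdentitySwitch` class, its labels and all credentials are hypothetical placeholders.

```php
<?php
// Assumes the legacy static podio-php client (class Podio with public static $oauth),
// loaded via Composer. All IDs, tokens and credentials below are placeholders.
require __DIR__ . '/vendor/autoload.php';

final class PodioIdentitySwitch
{
    private static $stash = [];   // token objects kept in memory only, keyed by our own label

    // Run $work as the identity named $label, then restore whoever was active before.
    public static function runAs(string $label, callable $login, callable $work)
    {
        $previous = Podio::$oauth;                      // tokens of the currently active entity
        try {
            if (isset(self::$stash[$label])) {
                Podio::$oauth = self::$stash[$label];   // reuse tokens, no re-authentication
            } else {
                $login();                               // overwrites Podio::$oauth on success
                if (Podio::$oauth === $previous) {      // unchanged: do not file old tokens under a new label
                    throw new RuntimeException("Authentication for '$label' did not take effect");
                }
            }
            self::$stash[$label] = Podio::$oauth;
            $result = $work();
            self::$stash[$label] = Podio::$oauth;       // keep tokens the client refreshed during $work
            return $result;
        } finally {
            Podio::$oauth = $previous;                  // always switch back, even if $work threw
        }
    }
}

// No 'session_manager' option is passed, so the built-in session manager stays off.
Podio::setup('CLIENT_ID_PLACEHOLDER', 'CLIENT_SECRET_PLACEHOLDER');

$asApp = function () {
    Podio::authenticate_with_app(123456, 'APP_TOKEN_PLACEHOLDER');   // placeholder app id and token
};
$asUser = function () {
    Podio::authenticate_with_password('user@example.com', 'PASSWORD_PLACEHOLDER');
};

$items = PodioIdentitySwitch::runAs('app:123456', $asApp, function () {
    return PodioItem::filter(123456);   // runs with the app's tokens
});
$me = PodioIdentitySwitch::runAs('user', $asUser, function () {
    return PodioUser::get();            // runs with the user's tokens
});
```

Restoring in `finally` keeps a failed call from leaving later code running under the wrong identity, and the stash holds live access and refresh tokens, so it should stay in process memory and out of logs.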