This project is not covered by Drupal’s security advisory policy.

The Key Redirect module is a plugin for the Services module, which provides a method for external applications to automatically redirect users to a URL on your Drupal site, and log them in at the same time.

The use case for which this module was written was a Java application which shares authentication sources with a Drupal site (and therefore knows the user's username and plaintext password), which needed a method of sending users to a private web page without requiring the user to re-authenticate to the site. Think of it as a poor-man's single-sign-on solution.

IMPORTANT NOTE: You really, really, really should only use this module via SSL to prevent the user credentials from being passed unencrypted in plain text!.

Key Redirect requires the Services module to be enabled, and supports whatever Services authentication types and server types you wish to enable. See the Services Handbook for information on accessing Services with your external application.

The Key Redirect only provides a single method, keyredirect.getKey, which takes three required parameters:

  • user: The Drupal username string.
  • password: The Drupal password string in cleartext.
  • path: The path you want the user to be redirected to. While technically this can be an external link, you'll most likely be using relative paths here, without the preceeding slash, like forums/themis.

If the user authenticates successfully keyredirect.getKey returns a string with a URL like so:

When the user visits that string, they will be logged in to Drupal (if they are not already), and redirected to the path you passed to the method.

If the user fails to authenticate, an appropriate RPC error is returned, along with a HTTP 401 response. Note that we're also supporting the LDAP Integration module's approach to authentication, and its auth hooks will be tried first.

Project information