This project is not covered by Drupal’s security advisory policy.
Extend Services (https://www.drupal.org/project/services) module authentication.
This module allows user authentication towards a web service like services and
drupal does, but without cookies.
Once login, requests to webservices should send csrf token and session token
each time they need to authenticate user.
This module requires the following modules:
* Services (https://www.drupal.org/project/services)
* Install as you would normally install a contributed drupal module.
for further information.
* Enable "Services session Token Authentication" for a Service Endpoint.
* Disable "Services session Authentication" for the Service Endpoint to be sure
to only be able to connect thanks to session id, and no cookies.
HOW IT WORKS
First time login webservice is called, be sure to give session_token and
session_id back to consumer, so it can make calls with this sessions datas in
headers. See helper function services_session_token_auth_get_tokens().
Consumer will have to send session_token as X-CSRF-TOKEN and session_id as
X-USER-SESSION-TOKEN to authenticate a user for this request.
If not authentication is made, or sessions are wrong, anonymous user will be
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: Developer, Third-party Integration, User Access & Authentication
- Reported installs: 62 sites currently report using this module. View usage statistics.
- Downloads: 376
- Last modified: 29 December 2015
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.