This project is not covered by Drupal’s security advisory policy.

This is a small module for developers that provides a plugin based API that hooks into the user authentication process (using the form API).

The idea is to make it easier and quicker to provide additional/custom authentication steps during the user authentication process as developers can use this module and just implement one plugin class without having to touch the Form API.

This can be useful for custom validation logic and particularly authentication using external/custom web services.

Sample implmentation:

class UserAuthAPIDemoPlugin implements UserAuthAPIPlugin {

  function isExternal() {
    return TRUE;

  function validate($form_values) {
    // Custom code to authenticate externally here...
    return TRUE;

  function validateError($form, $form_values) {
    // Just returning a form error but any logic can happen here.
    return form_error($form, t('Access denied!'));

  function validateSuccess($account, $form_values) {
    // Just returning a message but any logic can happen here.
    return drupal_set_message(t('Success'));

  function defaultWeight() {
    return -20;


Project Information