Hi,
I'm building a new website in Drupal and there are some administrative web services that I would like to make available to middleware together a legacy system. I did some research into Drupal's XMLRPC system and figured that token based authentication in the core would be useful.
This is what I have sketched out on a napkin:
Scenario:
Client wants to create some new data in the system. This is the process:
1. Client requests a service token, sends username/password of a Drupal user
2. Drupal loads the $user matching the credentials
- creates a random alphanumeric token to send back to the user
- serializes, and caches the $user object, key = md5(token + ip address of client)
- sends the token back to the client
3. Client makes an RPC call to say: module.createListing($token,$arg1,$arg2,...)
4. In createListing(...)
- Checks the token; if valid, does its thing, otherwise returns an error message.
I think it would take a fairly small amount of code to accomplish the above. I haven't given a lot of thought to Drupal's external authentication system though. I'm not too familiar with it, but maybe somebody can fill me in. For this system I may write my own version of user_authenticate() without the variable_get('user_register',1) in it so some malicious person doesn't create an unlimited number of random users in the system.
Any thoughts or previous work on this?
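
The token flow from steps 2 to 4 above, as an added example that is not part of the original post and is not Drupal code. All function names, the array standing in for the cache, and the 15-minute lifetime are assumptions; it also assumes the username/password check from step 1 has already succeeded, uses SHA-256 where the post uses md5, and caches only the uid rather than the serialized $user object.

```php
<?php
// Added illustration; every name here is hypothetical, not a Drupal API.
// $store stands in for the site's cache; $ip and $now are passed in so the
// flow can be exercised from the command line without a web server.
const TOKEN_TTL = 900; // seconds a token stays valid (assumed value)

function token_key(string $token, string $ip): string {
    // The post keys the cache on md5(token + ip); SHA-256 is swapped in here.
    return hash('sha256', $token . '|' . $ip);
}

function issue_token(array &$store, int $uid, string $ip, int $now): string {
    // Step 2: random alphanumeric token from the CSPRNG (32 hex characters).
    $token = bin2hex(random_bytes(16));
    // Cache only the uid and an expiry, keyed on the token bound to the IP.
    $store[token_key($token, $ip)] = ['uid' => $uid, 'expires' => $now + TOKEN_TTL];
    return $token;
}

function check_token(array &$store, string $token, string $ip, int $now): ?int {
    // Step 4: returns the uid for a valid token, or null.
    $key = token_key($token, $ip);
    if (!isset($store[$key])) {
        return null;            // unknown token, or presented from another IP
    }
    if ($store[$key]['expires'] < $now) {
        unset($store[$key]);    // expired: drop it so it cannot be reused
        return null;
    }
    return $store[$key]['uid'];
}

function create_listing(array &$store, string $token, string $ip, int $now, string $title): array {
    // Steps 3-4: the RPC method checks the token before doing any work.
    $uid = check_token($store, $token, $ip, $now);
    if ($uid === null) {
        return ['error' => 'invalid or expired token'];
    }
    return ['ok' => true, 'uid' => $uid, 'title' => $title];
}

// Constructed sample run: uid 7 obtains a token from 192.0.2.10 at t=1000.
$store = [];
$t = issue_token($store, 7, '192.0.2.10', 1000);
var_dump(create_listing($store, $t, '192.0.2.10', 1100, 'Demo'));   // same IP, within TTL
var_dump(create_listing($store, $t, '198.51.100.5', 1100, 'Demo')); // different IP
var_dump(create_listing($store, $t, '192.0.2.10', 2000, 'Demo'));   // after expiry
```

The token and the password from step 1 both cross the wire in the clear unless the XML-RPC endpoint is served over TLS, and the IP binding does not distinguish clients behind the same NAT or proxy.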