just wanted to ask some advice regarding authentication and user accounts. I'm doing a web application that has it's own authentication and i wanted to integrate telligent using REST API.
For authentication i'm using OAuth jwt token based authentication what is the best approach for this with telligent?.
For User Accounts do i have to create a telligent user accounts also or no need? since i have a user accounts in my application?
Thanks in advance.
You probably want to consider an SSO solution. See https://community.telligent.com/community/10/w/developer-training/53133/external-authentication for built-in and custom options.
Thanks. If I use sso or external oauth do u still need to create or maintain a user account in telligent?
There will be user accounts in Telligent, but they will authenticate against the external user store, so the user experience is seamless and synchronized.
Thank you for the prompt response, one more thing so it still required to create a user accounts in telligent? The blog, forum, comments etc won't work without creating telligent user accounts and groups right? If I use external authentication how do I map my external user store against the telligent user account? What's the appropriate approach you may suggest? Thanks for the help. I'm learning fast
With SSO, the accounts will be created automatically when users from the external site first use Telligent Community.
Do you have a sample implementation or guidelines for that? Since I'm using oauth shall I use oauth or sso?
or create a custom SSO plugin for Telligent Community:
Just an added side note since account creation was mentioned, a custom SSO plugin would require logic to create the accounts automatically as part of the plugin.That being said Cookies auth, shipped OOTB satisfies 99% of SSO needs and is what most of our customers use.
to add on also, let say i use the cookie sso and when a user has successfully authenticated from external app then it will trigger this cookie sso implementation to login to telligent and eventually a rest api call to telligent after successful login to telligent. is that mean that for the rest api call i will use implicit grant type?
The REST API will not work on behalf of the user until they are created in Telligent Community which occurs the first time they access the community with the SSO cookie. When the user logs in externally and hasn't accessed Telligent Community yet, the user account will not yet exist to access the community via REST.
Once the user account exists, you can choose any grant type to interact with the REST API using OAuth on behalf of the user.
Thank you. I guess i need to plan properly this. My application is using oauth to authenticate, i can use an admin account to create user thru rest api without using cookies sso and complex design. Maybe you can give me some directions
Before using the REST API on behalf of a user, you could ensure they exist. If they do not, you could create the account. The user can later authenticate as long as the username in the SSO cookie matches the username in Telligent Community.