[development] Token based web service authentication, some clairification

Benson Wong tummytech at gmail.com
Wed Jan 25 18:13:35 UTC 2006


I think there was some confusion on what I ment with the web service
token authentication. A few people have pointed me at single sign on
stuff which isn't what I was talking about.

Essentially, I wanted to create a way so that clients using the web
service weren't always Anonymous users. They can authenticate against
the local user database, and become whoever as long as the username
and password is correct.

When they authenticate (over the web service), they get sent back a
session id. Any additional requests are done to
/xmlrpc.php?token={session id} and drupal will log them in
automatically as that user.

I'll submit the patch to the drupal.org for review.

blog: http://www.mostlygeek.com

More information about the development mailing list