The initial package which became accounts-drupal. Please use accounts-drupal instead. https://github.com/FGM/accounts-drupal

Frederic G. MARAND 04e9b12516 Reactivity initialization completed. hace 10 años
client 04e9b12516 Reactivity initialization completed. hace 10 años
lib 04e9b12516 Reactivity initialization completed. hace 10 años
server 71f6b78273 Implemented whoami, works from client. hace 10 años
.jshintrc 79862964d0 First acceptable-looking part: SSO initialization. hace 10 años
README.md 79862964d0 First acceptable-looking part: SSO initialization. hace 10 años
drupal-sso-tests.js fc2b5526e3 First commit: package created from http://docs.meteor.com/#/full/writingpackages hace 10 años
package.js 04e9b12516 Reactivity initialization completed. hace 10 años

README.md

Drupal SSO

The Drupal SSO package provides transparent authentication integration with a Drupal instance.

Usage

  • Add the package to the application: meteor add fgm:drupal-sso
  • Add and enable the Meteor module to your Drupal server
    • Obtain an application token from the module for your Meteor app
  • Configure a drupal-sso section in your settings.json, like:

    {
    'drupal-sso': {
      "site": "http://example.com",
      "appToken": "the application token you got from the Meteor module"
      }
    }
    
  • In the app startup, initialize a SSO instance: SSO = new DrupalSSO();

  • Once this is done, your application can use the SSO methods, passive and reactive data sources:

    • Reactive: userId(), userName(), userRoles()
    • Passive: state.sessionName, state.anonymousName, state.online
  • You may delay until initialization by the Drupal server has completed by waiting on SSO.state.online until it is no longer undefined.

What exactly does this provide ?

Unlike Meteor, Drupal relies by default on cookie-based authentication. This package makes use of the Drupal session cookie to authenticate the user with the Drupal instance having created the cookie.

It enables adding Meteor pages to a Drupal site without having to care for authentication, which is carried over from Drupal for each logged-in user.

Pros and cons

  • Pros
    • Unlike OAuth-based users Meteor packages, users never see any authentication request from the backend Drupal instance, making the whole process transparent
    • The user experience is seamless authentication-wise: users can link from a Drupal page to a Meteor page and vice-versa and their credentials track them
    • Logging out of Drupal automatically logs the user out of Meteor too
    • The Drupal instance authorizes the Meteor applications in advance
    • A Drupal instance can authorize multiple Meteor applications
    • Supports Drupal 8 instances
  • Cons
    • This is a one-off, ad hoc mechanism, not a standards-based approach like OAuth
    • This package does not (currently) provide integration with the Meteor accounts API
    • The authentication targets a single Drupal instance for a given application, preventing integration with multiple backends, as a NOC-type dashboard applciation might need
    • Does not support Drupal 7, BackdropCMS, nor earlier Drupal versions
  • Double-edged
    • Login/logout is centralized on Drupal. This is good for Meteor pages as a complement to an existing site, not so much for more decoupled cases.