Skip to content
  1. Extras
  2. Office
  3. Controllers
  4. Remote Authorization

Remote Authorization

The idea is that two snippets - one on the client site and another on the server site - run at once to authorize the client through the server.

officeRemoteServer

this snippet runs on the server from which users come. The address to which this snippet is called for, should be indicated with the client - let it be site.com/remote/login, for example.

When a client is directed to the server, it checks the authorization status. If we have a guest, they will be redirected to the login server page (if it is not indicated, then to the parent of document site.com/remote/). There you can use officeAuth, HybridAuth, Login — anything you like - in order to authorize the user.

Right after the authorization the user should be sent back to site.com/remote/login — there the snippet will get information about them, save it to cache for 10 seconds, generate an authorization token and send the user with it to the address from which the user has come.

NameBy defaultDescription
&hostsList of domens (with commas), which are allowed to access the authorization page.
&keyObligatory data encryption key for keeping personal information safe. The key has to be the same for the client and the server.
&authId0Id of the site page, for user's authorization. After a successful authorization the user has to be redirected back to the snippet "officeRemoteServer".

In the authorization snippet you have to indicate

modx
&loginResourceId=`id страницы site.com/remote/login`

That is, we have 2 pages on the server. site.com/remote/ (id = 1)

modx
[[!officeAuth?
  &loginResourceId=`2`
]]

site.com/remote/login (id = 2)

modx
[[!officeRemoteServer?
  &hosts=`site2.ru`
  &key=`h4O58eqwt987Jmqewj`
  &authId=`1`
]]

officeRemoteAuth

This snippet shows the login and logout forms.

There should be authorization link site.com/remote/login in the login form. The user starts authorizing after clicking it. If everything is alright, they will be authorized on the server and return to the client with the token, by which the client can get information about the user from the server.

This information is encrypted by the indicated key &key, and after getting the data the user is created/updated and authorized on the client.

When the user exits the client site, they exit the server site bu the same algorithm (only without any data exchange).

Most parameters coincide with those of officeAuth (chunks, groups, contexts, remembering, etc.), but there are also some unique ones:

NameBy defaultDescription
&tplLogintpl.Office.remote.loginThis chunk will be shown to an anonymous user, i.e. to any guest.
&tplLogouttpl.Office.remote.logoutThis chunk will be shown to an authorized user.
&groupsList of groups for a user registration, with commas. User's role in the group can be written after a colon. For example, &groups=`Users:1` will add a user to "Users" group with a "member" role.
&rememberme1Remembers a user for a long time. On by default.
&loginContextGeneral context for authorization. By default - the current one.
&addContextsAdditional contexts, with commas. For example, &addContexts=`web,ru,en`
&loginResourceId0Identifier of a resource to which the user will be sent after authorization. By default it is 0, which updates the current page.
&logoutResourceId0Identifier of a resource to which the user will be sent when the session is ended. By default it is 0, which updates the current page.
&updateUser1Permission to update existing users with data from the remote server.
&createUser1Permission to create new users.
&remoteObligatory address of the remote server page with a call for snippet "officeAuthServer".
&keyObligatory data encryption key for keeping personal information safe. The key has to be the same for the client and the server.

On the client site the snippet can be called for like this:

modx
[[!officeRemoteAuth?
  &key=`h4O58eqwt987Jmqewj`
  &remote=`http://site.com/remote/login`
  &groups=`Users`
]]