
I am using Zend Framework 2 with ApiGility.

I have the following scenario:

  1. A website where users login and manage their accounts: www.website.com
  2. Apps hosted separately: app.website.com (that users want to use)

The sub-domain is not necessarily hosted on the same environment or even in the same datacenter.

Now, if a user accesses an app directly, I need to check if they are logged into the main website so that I can grab user related information needed by the apps.

I am not 100% sure of the best way to go about this.

For the App to work I need the following:

  1. A 32 bit code (a unique identifier that the app uses in place of private information)
  2. Account balance (to make payments for app services)

To get the 32 Bit code, I was thinking of setting up the following:

    www.website.com/api/is/logged/in 

Which would return the 32 bit code I need, if the user was logged in.

To get the account balance I would then use the code:

    www.website.com/api[:/code]/get/account/balance

If the user was not logged in then the app would provide a form for the user to login which would be sent to: www.website.com/api/logg/user/in

If the user's account balance needed to be topped up, then I would likely open an iframe to a payment page on the www.website.com for the user to make a secure payment.

This is kind of new territory to me, so I'm not 100% sure of the direction I should be taking or best practices...

Any advice appreciated.

thanks!

HappyCoder
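One way to make the "is the user logged in" hand-off between www.website.com and app.website.com verifiable, as an added example that is not part of the question and not Zend Framework 2 or Apigility code: instead of returning the bare 32-bit code (which is an identifier, not a secret, so anything that merely echoes it can be replayed or guessed), the main site returns a short-lived assertion signed with an HMAC over a secret shared out of band with the app. The app verifies the signature, the audience and the expiry before trusting the code and balance inside it. All names, the shared secret and the sample values are assumptions for this illustration.

```php
<?php
// Added example, not from the question, Zend Framework 2 or Apigility.
// Assumption: www.website.com and app.website.com share $secret out of band;
// the main site only calls issueLoginAssertion() after it has checked its own
// session and looked up the user's 32-bit code and balance.

function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data)
{
    // strict mode so garbage in the token is rejected rather than silently decoded
    return base64_decode(strtr($data, '-_', '+/'), true);
}

// Main site side: build "payload.signature" with the claims the app needs.
function issueLoginAssertion(string $userCode, int $balance, string $audience, string $secret, int $now, int $ttl = 300): string
{
    $claims = [
        'code'    => $userCode,   // the 32-bit code the app uses instead of private data
        'balance' => $balance,    // account balance at issue time
        'aud'     => $audience,   // which app this assertion is meant for
        'iat'     => $now,
        'exp'     => $now + $ttl, // short lifetime limits replay
    ];
    $payload = base64url_encode(json_encode($claims));
    $sig     = base64url_encode(hash_hmac('sha256', $payload, $secret, true));
    return $payload . '.' . $sig;
}

// App side: returns the claims on success, null on any failure.
function verifyLoginAssertion(string $token, string $expectedAudience, string $secret, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;

    // Verify the signature first, in constant time, before looking at the contents.
    $expected = base64url_encode(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $sig)) {
        return null;   // forged or tampered
    }

    $json = base64url_decode($payload);
    if ($json === false) {
        return null;
    }
    $claims = json_decode($json, true);
    if (!is_array($claims) || !isset($claims['exp'], $claims['aud'], $claims['code'])) {
        return null;
    }
    if ($claims['aud'] !== $expectedAudience) {
        return null;   // issued for a different app
    }
    if ($now >= $claims['exp']) {
        return null;   // expired
    }
    return $claims;
}

// Constructed demo values (not real credentials or users).
$secret = 'replace-with-a-long-random-shared-secret';
$now    = time();
$token  = issueLoginAssertion('3F2A9C1B', 1250, 'app.website.com', $secret, $now);

var_dump(verifyLoginAssertion($token, 'app.website.com', $secret, $now));          // claims array
var_dump(verifyLoginAssertion($token, 'other.website.com', $secret, $now));        // wrong audience
var_dump(verifyLoginAssertion($token, 'app.website.com', $secret, $now + 600));    // expired
$tampered = substr_replace($token, 'X', 3, 1);
var_dump(verifyLoginAssertion($tampered, 'app.website.com', $secret, $now));       // bad signature
```

The browser still has to carry this assertion from www.website.com to app.website.com (for example as a query parameter on a redirect back to the app), and the app should accept each assertion only once. The balance inside it is a snapshot, so the app would re-fetch it from the main site before charging for a service rather than trusting a value that may be minutes old. A full SSO product such as the SimpleSAMLphp suggestion in the answer packages this same sign-and-verify idea together with the login redirect flow.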


It sounds like you're looking to implement Single Sign-On (SSO) between a number of completely distinct applications. I would check out SimpleSAMLphp... it will do everything you need.

Adam Lundrigan

Comment: Hi Adam, thank you for this. I have looked at this in some other posts but before I embark on that journey I need to make sure the same thing can not be done using Apigility alone. – HappyCoder Apr 02 '15 at 17:25