As off version 1.2.0, it’s possible to facilitate automated login with your Bloxby application. This essentially means you can allow your users to log into their Bloxby account by clicking a simple link.
Configuration
Automated login is configured under “Settings > Integration”. You’ll find a panel there labeled “Automated login”. For security reasons, by default this functionality is turned off. To turn it into, set the switch labeled “Activate automated login” to ON.
The next requirement for using automated logins is setting a “Hash key”. This key can be any string or number. For security reasons, we suggest creating a string of random letters and numbers of at least 20 characters long. Basically, you wan to make sure people can’t easily guess this key. Please keep this key private; do not distribute it or share it with others.
Generating login links
A proper automated login link will look this:
https://yourbloxbydomain.com/auth/alogin/?token=[usertoken]&hash=[hashstring]
User token
In the above link, [usertoken] refers to a unique token identifying the user whose account will be used when logging in. To retrieve the user token for a specific user, you can either use the REST API or log into your copy of Bloxby (as a user with ADMIN rights) and navigate to the Users panel. For reach user, you will see a field labeled “Autologin token”.
Hash string
The next parameter you’ll need to include in the link is the [hashstring]. This string is an md5 hashed string consisting of the domain hosting the link and the hash key configured in the Integration settings panel (“Settings > Integration”).
Let’s assume you’re hosting the link on a website located at “https://mysite.com/” and the hash key is configured to be “SecretHash_12345”. You would then need hash the following string using the md5 protocol: “https://mysite.com/SecretHash_12345”.
Please a code example below of how we’d achieve this using basic PHP:
$hash = md5( "https://mysite.com/" . 'SecretHash_12345' );When creating the hash string, be sure to only include the domain (with a trailing “/”) and the protocol (“http://” or “https://”). If you include anything else, the automated login will fail.
I have try it, but it ít is not work.