If I authenticate a user in at an external page via OAuth, and then they follow a link from that page to my Ning site, are they logged in to Ning?
I looked through the various requests I can make via the API, but I didn't see any specific to setting the users state as logged in or logged out.
The topic of SSO is discussed in length on this forum and build, but a lot of the threads were somewhat dated, and I kept seeing "kinda sorta" answers, so I just wanted to try and get some clarification.
If this is not possible, is there another way I can verify the user is logged in?
In this thread, http://creators.ning.com/forum/topics/ning-login-external-site, Bernardo asks:
Their intention is to once a user authenticates in their site, he's also authenticated in the their NING Network, and the way back to.
I only need the red part. Eric said that it may be possible via the Ning API, but that I can't create new users, which is fine. I just want to be able to verify a user has valid login credentials in my system, and not make them log in a second time inside Ning.
I have the exact same request/need. Has anyone from Ning responded to this inquiry, yet? If not, have you found any other discussions or information about SSO between Ning and outside systems?
Ning has responded to these types of questions several times, and the answer is sorta-kinda, yes/no.
As far as I can tell, there is 1 solution...
1. Collect username/password on your own site, set the action to Ning's login page (where your login is POSTed when you sign in normally)
2. Validate username/password (I'd probably ajax a ning API handler)
3. On success from your handler, create your own session ID or whatever you want to track the user with, save it to your database, matching it to the users author id from ning.
4. Let the form go on its merry way to the normal ning login.
It's super kludgy but I've tested each piece and they work. You could probably check Nings session cookie after the user finishes logging in and additionally tie your own session id in with that cookie, so you can remember the user based only off the ning cookie, or set your own cookie. I haven't tested that part, but it should be pretty simple.
Ultimately I decided to migrate my platform off Ning since after all the hacking I've had to do to get Ning to do what I want, I could have set up a drupal/joomla setup to do everything I need from Ning in half the time.
P.S. This isn't a dig at Ning - I'm a developer and need more access to the backend than Ning provides (which is a good thing for their typical use cases).
They should get off their butts and set up SSL for custom mapped domains though.