maicol07
The comments for the login method show to pass the plain text password if they were already signed up not using this extension. In my case I have no registered users, everything will be done through this plugin which is why I have omitted the password from the login call. The code for the plugin appears to create the password if not provided. The user is never created after calling login so I think the 401 is for attempting to fetch the user token, which if it is using the admin api key is not expected, but my api key is entered exactly as it is from the database.
/**
* Logs the user in Flarum. Generally, you should use this method when an user successfully log into
* your SSO system (or main website). If user is already signed up in Flarum database (not signed up with this
* extension) you need to pass plain user password as third parameter (for example Flarum admin)
* You can also set groups to your users with an array
*
* @param string $username
* @param string $email
* @param string|null $password
* @param array|null $groups
*
* @return string
*/
public function login(string $username, string $email, string $password = null, $groups = null)
{
if (empty($password)) {
$password = $this->createPassword($username);
}
$token = $this->getToken($username, $password);
// Backward compatibility: search for existing user
try {
$user = $this->api->users($username)->request();
if (empty($token)) {
$password = $this->createPassword($username);
$token = $this->getToken($username, $password);
}
} catch (ClientException $e) {
if ($e->getCode() == 404 and $e->getResponse()->getReasonPhrase() == "Not Found") {
$signed_up = $this->signup($username, $password, $email, $groups);
if (!$signed_up) {
return false;
}
$token = $this->getToken($username, $password);
} else {
throw $e;
}
}
$this->setGroups($username, $groups);
return $this->setCookie($token, time() + $this->getLifetimeSeconds());
}