I had an existing website with already existing users and an auth system in place. I wanted to integrate Flarum without having my users feel like a separate account is being used for discussions. I have seen a lot of threads where people have been asking this as a feature. This thread is to help those newbies. All the things are pretty basic but the value comes from having the complete flow documented in one place. P.S. this was done in a 2 days time by a total newb so the approach may not be perfect but it works for me.
So, I had 3 components to work with here a) my slim framework based php webapp b) my api server and c) the flarum app itself. These are the steps I followed:
Generate a root api token to be used for calling create user api of flarum.
a) generate a 40 characters random string
b) add it in the api_keys table of flarum.
Create a route in my api server for getting a flarum user token. A GET on this route does following things:
a) Hits "/api/token" endpoint with the username/password of flarum. If successful, we are done, o/w follow the next steps. Note that you can also pass a "lifetime" key for token's validity.
b) Hits "/api/users" endpoint with the root api key created in step 1. Need to set the "Authorization" header as "Token <your_api_key>; userId=1". I also set the avatarUrl in this step itself. You can choose anything for the password field. I chose a base64 encoding of the creation time unix timestamp of the user.
c) Now, that the user is created, hit the "/api/token" again to get the token for this user.
Once we got the token we set a cookie "flarum_remember" with the lifetime requested in step 2. Now, in my php webapp I have the following logic in a prehook(which runs before every route request):
a) If my user is logged in and "flarum_remember" cookie is set, we are all done.
b) If my user is logged out, unset the flarum_remember cookie too
c) When the user logs out of my site, unset the "flarum_remember" cookie too.
d) If my user is logged in but "flarum_remember" cookie is not set, we call our api server to get the user token as in step 2.
Last step, write an extension to update flarum's view to remove separate login/signup
a) Update the logIn and signUp items from HeaderSecondary to point to my site's login url (with proper redirection logic) instead of opening the modal
b) remove the "account" item from the SettingsPage
1. When a user changes their profile picture in my site, call flarum's user update api to udpate the avatarUrl. I haven't done that part yet but it is fairly trivial to do