Auto-login for embedded chat integration


#1

I’m trying to embed Mattermost into my web app. Assuming that my app users use the same credentials as mattermost users, I’d like to open a window (or iframe) with Mattermost and user already logged in. How to do this (preferably without SSO)?

Do I think correctly that I could login to the API (having username and password), get a token and then use it somehow in the new window? How?


#2

Hi @alec! Thank you for reaching out.

These links might help:
https://docs.mattermost.com/integrations/embedding.html


https://ankushthakur.com/blog/how-to-run-mattermost-in-an-iframe/

There is also a feature request open to allow Mattermost inside an iframe: https://mattermost.uservoice.com/forums/306457-general/suggestions/19132369-allow-mattermost-inside-an-iframe-in-a-controlled

Let us know if these didn’t help or if you have further questions!


#3

Yes, I saw these, but… It requires proxy and disabling click-jacking protection is not possible in Mattermost 5.0, as I see. The documentation is outdated.

Anyway, My question was about what then? What when I disable all iframe protections? How do I auto-login a user?


#4

Hi @alec!

Here is a thread I found that might help: [SOLVED] Auto login? Site integration?.

I’ve also posted this question to the Peer-to-peer Help channel in our build server for our community and engineers to share ideas. Feel free to ask any additional questions!


#5

Thanks. I’ve found by myself that indeed it can be done with login to the API, setting cookies and redirect (or iframe - with some proxy magic and CORS setup). My plugin for Roundcube can be found at https://git.kolab.org/diffusion/RPK/browse/master/plugins/kolab_chat/ I’m going to work on notifications api now.


#6

for the same purpose (mattermost running in an iframe) we developed https://stash.kopano.io/projects/KM/repos/mattermost-plugin-notifymatters/browse which implements a post message api.