Http request intercept before login page or login authentication without password


#1

hi, I’m wondering that I want to authenticate(make MMAUTHTOKEN and MMUSERID) without password, (I already saw “https://api.mattermost.com”)

for example, some site give some header cookie for me, this cookie like a username or user id…
so, i want to modify some source code like login process

this step is,

  1. they give some cookie information for me, i want to intercept login request then, i want to redirect to sso, if header cookie is empty

  2. so, that mean’s i need to modify source code like login source code

  3. if header cookie is not empty, i want use cookie value(like username) to authenticate(make MMAUTHTOKEN and MMUSERID) for mattermost without password

so, is it possible?

if it’s possilbe…
i want to know that how to process it…

thanks


#2

Hi @bje! Thank you for reporting this.

Can you share more details on the use case?

Can you also share what Mattermost server version you are using?


#3

Thanks for answer @amy.blais

My Mattermost version is 4.10 and

i will install & update 5.0


#4

Hi @bje I found this thread that might help: [SOLVED] Login to Mattermost from browser by skipping the login form

If it doesn’t help just let me know and I can ask our engineers if they know the answers. I know you already posted in the Peer-to-peer Help channel earlier so I’m planning to post about it also in API channel.