How can I skip the default User_Login and do the Auth by my own API ?

How can I skip the default User_Login and do the Auth by my own API ?

  

I would like to do the login authentication via API instead of using the default User_Login action.

May I know how I can deal with it ?

Hello,

Afaik, doesn't matter if you are doing login by your own API, you always have to also login in OutSystems.
 
One of the reasons is that the LICENSE imposes a number of users, and trying to avoid this in order to enable more users is not allowed.

Cheers.

Not entirely true,


an anonymous session is a session, so you might grant roles to that anonymous user and have your own session-variable to keep track of that external-userid.

if it's wise is another thing (and it still counts to the number of users in your license afaik)



Have you marked the Homescreen as anonymous? If you do not have an Outsystems login, you need to mark it as anonymous otherwise you will be redirected to the login page even if you validated the login with your own logic.


If for any reason you still need an Outsystems login (role control for example) you can use the System Server Acton "Login" which allows you to login a user without any password to login a generic user. (The use of the login action is discouraged because it does create a security risk so you have to be very careful when managing active users, but it is available for your use).


Regards,

   CLSJ



Eduardo Jauch wrote:

Afaik, doesn't matter if you are doing login by your own API, you always have to also login in OutSystems.
 
One of the reasons is that the LICENSE imposes a number of users, and trying to avoid this in order to enable more users is not allowed.

Logging in in OutSystems is especially important if you want to use Roles (a.k.a. priviliges). Having all Screens anonymous, or checking yourself each Screen, is not recommended and the latter a lot of work.

As for the licences, they are not defined in terms of users logging in to the platform, but in terms of "named users". You are bound to allow a maximum of named users as stated in your contract, and will breach it if you don't. Even if you log in to the platform, circumventing any restriction the Platform imposes is easy (e.g. by creating one-time users that are deleted on a regular basis).

So, concluding, even if you use an external verification for your users, always log in to the Platform as well. This will help with your application priviliges (via Roles), and will more easily allow you to establish the number of named users (which you would want, as you do not want to breach your contract).


Hi Kilian

I was unsure about the license.

So, in short:

1. You are not required to login in the plataform using the System login.

2. No matter what login system you use, the number of named users must be respected.

Yes. I undestand that avoiding using the system login increases the development's complexity and is not advisable anyway.

Thanks! :)

Eduardo,

Ianal, and the last time I actually looked at the licence/contract was a couple of years ago, but I was then struck by them not having defined "named users" in any way :).