Hi,

I have not used outsystems login. Instead i am fetching data from an api and used the login of that database. means i have used a login api. now i want to logout. how can I do that? How to create logout action?

Avneet,

I think we need more information before anybody will be able to help you. Does the external API not come with a logout function? Also, are you implementing SSO to authenticate users to an OutSystems application or are you talking about authenticating a connection to a web service? 

Hello Avneet, 

If you are LOGGIN In the user using an external service, you should log gout it using this service. 

If you are using it only to validate a user password pair, then you need to keep record of the users that logged in somehow, probably associated with the session Id, in order to check this on every request, and delete or deactivate this record when the user logs out. 

But you are doing it the wrong way. 

You should be using the system login. 

So, you validate the login against the api you are calling and then, if the api returns a successful login, you login the user using the system login api (the user must exist already or you can create it upon login). This way you can use all the facilities of the system, as system roles, logout, session end by timeout, etc. 

Cheers

Hi Eduardo,

Initially i used both outsystems login and api login, the problem which i faced was i have to put the credentials in the outsystems database first and then login api. I cant do that for hundreds of users. So can you help me out with this?

Hi Avneet Taneja,


Are you creating a token when the user is login, if yes then create another API to invalidate the token (i.e deactivate the token validity ) an use this API  on the logout action.

Regards,

Koushik

Hi Koushik,

I dont think so I am creating a token when the user is logged in. How will I do that?

Solution

Hi Avneet,

While you are login a user, if he was a valid user.

1) Create a token against the username and save the token along with the user name in the Database.

2) Pass the token as the output of login API.

3) Store the token & username in the session variables.

4) Validate the token on each request to server.

5) If the user want to logout, create another API to invalidate the token against username, pass the username & token as the request to the logout API.

this way you can achieve, hope this will helps you.

Regards,

Koushik

Solution

Is It compulsory to use outsystems login too?

If you are using the pages as registered then, you must have to use the outsystems login.

yes I am using both registered and anonymous.

Avneet Taneja wrote:

yes I am using both registered and anonymous.


Then you have to use the outsystems login, for registered pages.

If all the pages are anonymous, then you can check the token value in the session variable on layout web block,if the value is blank then session expired then transfer to login page

Hi, 

You don't need to have passwords in the system. 

Do your login validation with your api. If successful, look for the user in the user entity. If you find it, login using the Login action of System module, if not, create the user in User and then proceed to the login as if the user already existed. 

No need to store password, so you can do this automatically (no need to fill users in advance). 

Cheers. 

Eduardo Jauch wrote:

Hi, 

You don't need to have passwords in the system. 

Do your login validation with your api. If successful, look for the user in the user entity. If you find it, login using the Login action of System module, if not, create the user in User and then proceed to the login as if the user already existed. 

No need to store password, so you can do this automatically (no need to fill users in advance). 

Cheers. 

this will be the best approach.


Eduardo Jauch wrote:

Hi, 

You don't need to have passwords in the system. 

Do your login validation with your api. If successful, look for the user in the user entity. If you find it, login using the Login action of System module, if not, create the user in User and then proceed to the login as if the user already existed. 

No need to store password, so you can do this automatically (no need to fill users in advance). 

Cheers. 

ok. What if the user is not there in the user entity. I mean i have to create a username in that, right? 



Avneet Taneja wrote:

Eduardo Jauch wrote:

Hi, 

You don't need to have passwords in the system. 

Do your login validation with your api. If successful, look for the user in the user entity. If you find it, login using the Login action of System module, if not, create the user in User and then proceed to the login as if the user already existed. 

No need to store password, so you can do this automatically (no need to fill users in advance). 

Cheers. 

ok. What if the user is not there in the user entity. I mean i have to create a username in that, right? 




Here is the oml. 

Hello Avneet,

Yes, but then it is easy because the user already provided you with its username (to make the login). It is just a matter of creating a new entry in the User table if the user is not there already (your code can take care of it automatically, without needing a manual intervention).

Cheers.

How will i fetch the credentials of the users in my api database to this user table?