I’m developing the main website (A) for an organisation in D7 but for other reasons there are microsites (B) related to this website using CMSs.
I need to give this other users an endpoint in which they can check if the user and password given to them are correct in my drupal instance and of course be able to verify the request only comes from a trusted source (in another physical server without a fixed IP)
So this would be something like:
- User enters credentials in website B
- Website B’s server sends those credentials to my endpoint (A)
- Website A check if they are correct and return either ok and the
role that user has or error is there’s no user matching them
I looked into Open ID and OAuth approaches but those require user interaction and rely on the users authorizing, etc. What we need is to make it all transparent to the end user so they don’t have to know in which of the CMS he/she is in and make an authorization for each one.
