iframeauth, you can use your own authentication page/API to log in users on Rocket.Chat.
iFrame APIURL trying to see if the user is already logged in at the third-party website. If that doesn't succeed then Rocket.Chat will present the
Iframe URLwithin an
iframe, so the user logs in on the third-party website which means he is authenticated on Rocket.Chat as well.
API URLrefers to an endpoint on the third-party system that will check if the user is already logged in to that system. The
API Methodis used to select the submission method Rocket.Chat will use to submit information to the
API URL(for instance, using
API URLshould communicate to Rocket.Chat and return a JSON object containing either a
loginTokenproperty, otherwise (if the user is not already logged in) the
API URLshould return an empty body with the status
API URLwill return depends on how the third-party system decides to interface back with Rocket.Chat, as described in one of the two ways below:
authTokenback from Rocket.Chat that should be returned as
loginTokenby your endpoint.
generated-tokenis saved on
userscollection on the corresponding user record. The
generated-tokenshould be saved on the field path
services.iframe.token. The user record looks like this:
iframe, depending on how you logged in the user:
postMessageback from Rocket.Chat with user's credentials response from OAuth service. You need to manage the user creation/authentication on Rocket.Chat's database by yourself, the same as described earlier.