Best way to authenticate user from external link

Hello,

I have a website to which you connect with your login/password; each user then has an XWiki user associated with his account.
I would like this user to click on a link that would redirect to my XWiki and authenticate him at the same time with his XWiki login/password.

Which user authentication would be the best?
I have tried basic authentication but login and password would not be encrypted and that is another problem.

Thanks.

You mean there is an actual XWiki user in the XWiki database with the same login/pass as the one used in that website?

So if I understand well, what you want is automatic authentication to the wiki when coming from that website, even when the user never authenticated to XWiki explicitly, right?

One thing you could do from your website is to set up a cookie associated with the domain of your wiki, using the same encryption used by the wiki for the login/pass. Then you don’t need anything special for the link; the user will be automatically authenticated even when accessing the wiki directly. For inspiration, you can find the code responsible for setting that cookie in XWiki in xwiki-platform/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/MyPersistentLoginManager.java (master branch of xwiki/xwiki-platform on GitHub).

The login/password from XWiki is not necessarily the same as the one from my website. And I forgot to mention that a user from my website can have multiple logins on XWiki (what I want is to have multiple links which redirect to the XWiki but with different rights, that is why my user can have multiple XWiki users associated to his account).

If I want to work with a cookie, I would then need to modify the cookie each time the user clicks on an XWiki link to be sure he is using the right XWiki user.

Do you think that using a cookie would still be the best solution?

Thanks.

If the same user can have several accounts then this cookie is not the right solution IMO.

What do you think of sending a “POST” request to the XWiki login page with j_username and j_password parameters?

It’s not really more secure than BASIC auth.
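The comparison in the reply above, as an added example that is not part of the original thread: the Basic `Authorization` header is only base64-encoded and the `j_username`/`j_password` form body is only URL-encoded, so both are readable without any key unless the connection itself is encrypted (HTTPS). The sample requests, host, paths and credentials are constructed placeholders.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample requests (not captured traffic); host, paths and
# credentials are placeholders chosen for this illustration.
BASIC_REQUEST = (
    "GET /wiki-page-placeholder HTTP/1.1\r\n"
    "Host: wiki.example.test\r\n"
    "Authorization: Basic " + base64.b64encode(b"alice:s3cret:pw").decode() + "\r\n"
    "\r\n"
)
FORM_REQUEST = (
    "POST /login-placeholder HTTP/1.1\r\n"
    "Host: wiki.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "j_username=alice&j_password=s3cret%3Apw"
)

def recover_credentials(raw_request):
    """Return (scheme, user, password) readable from an unencrypted request, or None."""
    head, _, body = raw_request.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and token:
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        user, sep, password = decoded.partition(":")  # password may itself contain ':'
        return ("basic", user, password) if sep else None
    content_type = headers.get("content-type", "").lower()
    if content_type.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body, keep_blank_values=True)
        if "j_username" in form and "j_password" in form:
            return ("form-post", form["j_username"][0], form["j_password"][0])
    return None

if __name__ == "__main__":
    for request in (BASIC_REQUEST, FORM_REQUEST):
        print(recover_credentials(request))
```
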

I am also trying to directly authenticate using the login URL in XWiki.
Can anyone let me know how I can directly log in using the POST method by giving a user ID and password?
API URL?