I just discovered this open source app on F-droid that might be easy to adapt to complement the Hubzilla Chess addon.

AlaskaLinuxUser / app_JustChess
JustChess - a chess playing app featuring the JustChessEngine. https://thealaskalinuxuser.com


Immagine

@The passed pawn Inn+
@Hubzilla Chess+
  
It's so cool to see this OpenWebAuth in action on something other than the Hubzilla webpages in a browser! I can log in to my channel's primary hub with username/password, then use the /rmagic endpoint of a remote hub to seamlessly authenticate to that remote hub and subsequently access private content (in this case a chess game history where I'm the player whose channel lives on an independent hub).

@Mike Macgirvin the response to a successful remote authentication via /rmagic is HTML text whether the auth succeeds or fails, and a session cookie is obtained in either case too. Is there a way to get a JSON response with a true/false message of some kind? I actually did this already in the chess addon, where I created a chess/login endpoint for the local channel so that I could return a JSON success status. To do this I duplicated and simplified the include/auth.php code. This is obviously not ideal and I'm probably missing an existing endpoint.

// API: /chess/login // Authenticate to hub case 'login': require_once('include/auth.php'); $verify = account_verify_password($_POST['username'], $_POST['password']); if ($verify && $verify['account']) { $channel = $verify['channel']; $account = App::$account = $verify['account']; $_SESSION['account_id'] = App::$account['account_id']; $_SESSION['remember_me'] = 1; App::$session->new_cookie(31449600); // one year $_SESSION['last_login_date'] = datetime_convert(); authenticate_success($account, $channel); json_return_and_die(array('status' => true)); } else { json_return_and_die(array('errormsg' => 'Authentication failed', 'status' => false)); }
  
I don't know exactly what you're trying to do so I don't have a good answer. If I was in that situation I would try to re-use the existing login code, because include/auth.php already processed the login and there's no need to do it twice. Basically if $_POST['auth-params'] === 'login' , somebody tried to login (this is handled by the system long before calling your module); and if local_channel() is false, they failed.
  
You're right. I should be able to just check if local_channel() returns true in the chess/login endpoint function and return that boolean in the JSON format the Android app needs. I don't know what I was thinking.

I will still encounter a similar situation when using /rmagic or /magic for remote auth, because the app will receive a response body in HTML format and a header including a session ID regardless of the success or failure of the authentication attempt. Perhaps I could add a check for a request header specifying return content type JSON to the /magic class?