I’m trying to embed Mattermost into my web app. Assuming that my app users use the same credentials as mattermost users, I’d like to open a window (or iframe) with Mattermost and user already logged in. How to do this (preferably without SSO)?
Do I think correctly that I could login to the API (having username and password), get a token and then use it somehow in the new window? How?
Hi @alec! Thank you for reaching out.
These links might help:
https://docs.mattermost.com/integrations/embedding.html
https://ankushthakur.com/blog/how-to-run-mattermost-in-an-iframe/
There is also a feature request open to allow Mattermost inside an iframe: https://mattermost.uservoice.com/forums/306457-general/suggestions/19132369-allow-mattermost-inside-an-iframe-in-a-controlled
Let us know if these didn’t help or if you have further questions!
Yes, I saw these, but… It requires proxy and disabling click-jacking protection is not possible in Mattermost 5.0, as I see. The documentation is outdated.
Anyway, My question was about what then? What when I disable all iframe protections? How do I auto-login a user?
Hi @alec!
Here is a thread I found that might help: [SOLVED] Auto login? Site integration?.
I’ve also posted this question to the Peer-to-peer Help channel in our build server for our community and engineers to share ideas. Feel free to ask any additional questions!
Thanks. I’ve found by myself that indeed it can be done with login to the API, setting cookies and redirect (or iframe - with some proxy magic and CORS setup). My plugin for Roundcube can be found at https://git.kolab.org/diffusion/RPK/browse/master/plugins/kolab_chat/ I’m going to work on notifications api now.
for the same purpose (mattermost running in an iframe) we developed Kopano · GitHub which implements a post message api.