Is it possible to connect a user on his browser via an API call?

I want to connect my users to my team without them having to fill out the login form. I saw that the API has a login endpoint ( Mattermost API Reference ) but i don’t understand what data I should put in my request.

Did I understand wrong or is it possible to automatically login a user to make the process more seamless?

Hi Mattéo and welcome to the Mattermost forums!

There are several ways to achieve that, you can either log them in automatically using the API call and generate a token for them, or you can pregenerate the tokens and use the tokens for creating a login session.
What exactly do you want to do? Where do the passwords come from? Can you maybe try to describe your endeavor in more detail? I’m sure we can come up with some ideas then.

Hello Alexander, and thanks for your answer!

So basically I have a form that ask the user to input a username and a password, if the form is valid I create the account and add it to my Mattermost Server but the user needs to login manually. I want to login the user with the API right after the account creation to make the process seamless. I think that I need to get the token via the login endpoint and then create the cookie with it to achieve that?

I’m using the python MattermMost driver as my website is developped in Django but everything I tried didn’t seem to work. I saw your other post where you wrote a curl example and tried to replicate it but only got this error :

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

I also tried it with the python driver but I got nothing :

payload = {"login_id": username, "password": password}
r = driver.users.login_user(payload)
print(r)
>>> None

I don’t know what i’m doing wrong here…

I’m using MatterMost Gitlab if that matters.

UPDATE :
Ok that’s my bad, I forgot to add the https:// at the beginning in the curl request, also I found that the python driver work well but doesn’t return anything… ? Anyway i’ll find a way to get the token, but i’m still wondering what I should do with it

UPDATE 2 :
I managed to get the token via requests but now I don’t know what to do with it, i saw that there’s a cookie named MMAUTHTOKEN but that’s my only idea

Where do you check the credentials against in this step? Do you have some internal authentication source that could maybe also be used as an authentication source for Mattermost directly?

Mattermost Gitlab f.ex. is Gitlab integrated and also supports Gitlab SSO, so you would not necessarily need to manage the users in Mattermost directly, you could just use the GitLab authtentication and the accounts will be created automatically upon the first login of a user.

I think you need to set multiple cookies, in a browser session I have, I do see MMAUTHTOKEN, MMCSRF and MMUSERID - they all need to be set I guess and they need to be set for the domain of your Mattermost instance, not sure how you’re going to accomplish that with an external script.

Unfortunately, my user aren’t Gitlab users at all, just regular customers. I tried to build a custom SSO that links my login platform and my Mattermost server but I don’t think it’s possible… I found some posts in here that talked about setting cookies to connect the user but they aren’t documented that well… Anyway thanks for your help and tell me If you have any idea how to handle the cookies :slight_smile:

While the specifics depend on your tech stack, the principle remains excitingly universal. By tapping into the power of APIs, you’re opening doors to seamless interactions and user experiences that feel like a warm breeze on a summer day.

Now, about adding a sprinkle of creativity to your connections, have you considered exploring features like https://www.mightycall.com/features/call-whisper/? It’s like whispering secrets to your browser users, providing personalized experiences that make them feel heard and valued.

Personally, I find the idea of enhancing user connections through APIs and innovative features incredibly compelling. It’s like painting on a digital canvas, each stroke adding depth and richness to the overall picture.