From 6b26b4e3b817ead75f2aba00dc20b468a2df82cb Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Thu, 5 Nov 2015 17:38:21 -0800
Subject: the journey of 1000 miles begins with a single step

---
 doc/hook/authenticate.bb | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'doc/hook')

diff --git a/doc/hook/authenticate.bb b/doc/hook/authenticate.bb
index 2e824f082..eb8071e73 100644
--- a/doc/hook/authenticate.bb
+++ b/doc/hook/authenticate.bb
@@ -1 +1,29 @@
 [h2]authenticate[/h2]
+
+Invoked when a POST request is made with non-null $_POST['auth-params'] such as from the login form.
+If the hook handler does not set the 'authenticated' parameter of the passed array, normal login functions continue;
+
+The 'user_record' is in fact an account DB record. To provide automatic provisioning of accounts from other authentication realms, this record should be generated and stored during the verification phase.  
+
+
+[code]
+ $addon_auth = array(
+            'username' => trim($_POST['username']),
+            'password' => trim($_POST['password']),
+            'authenticated' => 0,
+            'user_record' => null
+        );
+
+        /**
+         *
+         * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+         * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
+         * and later plugins should not interfere with an earlier one that succeeded.
+         *
+         */
+
+        call_hooks('authenticate', $addon_auth);
+[/code]
+
+
+See include/auth.php
-- 
cgit v1.2.3