I am trying to become familiar with the Passbolt code so that I can manipulate the login steps. This is not easy for me because PHP is not my strong suit! I need to do this because we have our own authentication app which we want to connect to Passbolt so that we can perform a passwordless login by only authenticating through our app (unfortunately ruling out the MFA/ OAuth 2 proxy options).
I briefly spoke with contact@passbolt.com so I understand that this is no easy task, but unfortunately, it has to be done.
My first job is to remove original passbolt authentication steps and that is what I would like to ask for help with. (My developer team will be able to support me when it comes to performing the integration with our app)
I have read the documentation, and understand that it is quite an involved login process with encryption and decryption of tokens passed back and forth the server. I tried to trace these steps in the developer console, but was only able to see requests going to /auth/login (when refreshing the login page) and / when successfully logging in. I was unable to find out from digging though code exactly when and how login sessions were granted.
So, is anyone able to help me manipulate the server side code to not require entering the passphrase? And just authenticate me right into the app? Can this be done just by changing the server side code, or does the passbolt extension for my browser also need to be changed?
Many thanks,
Tom