Developers

Custom CSS

Talki will automatically detect the CSS of a site, but for advanced users who want full control, Talki supports Custom CSS for Pro accounts (plans & pricing).

The information below only applies to Pro accounts and higher.

To append and overwrite styles in the existing Talki CSS

<script type="text/javascript">
window.chatter_options = {
    'css_append': 'http://example.com/my.css'
}
</script>
<script src="http://EXAMPLE.embed.talkiforum.com/embed/1.js" type="text/javascript"></script>

To completely replace all CSS, place the following code inside your opening & closing script tags:

<script type="text/javascript">
window.chatter_options = {
    'css_replace': 'http://example.com/my.css'
}
</script>
<script src="http://EXAMPLE.embed.talkiforum.com/embed/1.js" type="text/javascript"></script>

We recommend using the tool Firebug on Firefox to examine the CSS classes and ids on your Talki forum to know how to style them.

SSO - Single Sign On API

Embedding

<script type="text/javascript" src="http://<shortname>.<hostname>.embed.talkiforum.com/embed/1.js?<arguments>"></script>

Without arguments the forum is embedded without any SSO relying on third party authentication.

Possible arguments for SSO:

• (required) uid - unique user id
• (required) name
• (required) ap - authentication provider name (use 'site' for single site SSO)
• (required) sig - signature
• (required) expires - GMT timestamp at which the signature will expire
• (optional) level - 10 = member, 50 = moderator, 100 = admin
• (optional) email
• (optional) avatar_url - url to an image that is expected to be 50x50
• (optional) profile_url
• (optional) login_url

Required for generating signature but not required as a query argument:

• domain - shortname.hostname (e.g. offtopic.lefora)

GMT timestamp generation example: python: int(time.time() + 602) php: php()+602

SSO Signature

argument = name=value
serialized_arguments = argument&argument&... # arguments sorted by 'name', exclude empty values
signature = url_safebase64(hmac(serialized_arguments, secret_key, sha1))

URL Safe Base64:

+ replaced with -
/ replace with _

Example:

ap: talki
uid: 1
name: Bender
expires: 1265673544
domain: general.talki
email: test@example.com

serializes to:

ap=talki&email=test%40example.com&expires=1265673544&name=Bender&uid=1&domain=general.talki

signature is (if secrey key is 'topsecret'):

-4uxvTXub94XX6M_hXZ3SfqfdEo==

Python code to generate signature from a dictionary:

import base64
import hashlib
import hmac
from urllib import quote_plus

def serialize_fields(fields):
    """Return a string of the form 'key=value&key=value' where keys are sorted."""
    return "&".join(
        "%s=%s" % (
            k, quote_plus(v.encode('utf-8') if isinstance(v, unicode) else str(v))
        ) for k, v in sorted(fields.items()) if v)

def generate_signature(fields, secret_key):
    """Return a signature for the dictionary 'fields'"""
    data = serialize_fields(fields)
    signature = hmac.new(str(secret_key), data, hashlib.sha1).digest()
    return base64.urlsafe_b64encode(signature).rstrip('=')

PHP code to generate signature from an array:

function serialize_fields($fields) {
    ksort($fields);
    $data = array();
    foreach ($fields as $key => $value) {
        if ($value != "") {
            $data[] = "$key=" . urlencode($value);
        }
    }
    return join("&", $data);
}

function urlsafe_base64_encode($value) {
    $res = base64_encode($value);
    $res = str_replace("+", "-", $res);
    return str_replace("/", "_", $res);
}

function generate_signature($fields, $secret_key) {
    $data = serialize_fields($fields);
    $signature = hash_hmac("sha1", $data, $secret_key, TRUE);
    return urlsafe_base64_encode($signature);
}

Additional Arguments

The following are additional arguments that should not be included in the SSO signature generation:

• lang - refers to the language code, IS0 639-1. For example, lang=es for Español or lang=en for English.