Front end API, token auth and session data #1001
-
Hi, I have a working front end API that works with the user plugin and has both routes that don't require authentication and routes requiring authentication. This all currently works and uses cookies. Importantly I make a lot of use of session data. Getting it to work was partly luck as I tried different things as it's right on the edge of my knowledge area compared to the application side where I'm fine. An extract from the authenticated side of my routing is: |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments 3 replies
-
As far as I know, a session is identified by a cookie even though by default the session data is not saved in cookies. I think you'd have to develop your own session library if this is not what you need (or maybe a package already exists for this) |
Beta Was this translation helpful? Give feedback.
-
Maybe look at Laravel Sanctum? |
Beta Was this translation helpful? Give feedback.
-
Maybe Laravel Passport? |
Beta Was this translation helpful? Give feedback.
-
I can see that that may well provide the session data requirement but is quite a heavy solution, I'll talk to the devs. Your input is appreciated! Thanks. |
Beta Was this translation helpful? Give feedback.
-
The standard sessions in the User plugin do use cookies for sessions, but you can leverage the The idea would be:
That's the basic gist of it. You would probably need to consider further controls like expiring the tokens, but that would at least provide you simple API authentication. |
Beta Was this translation helpful? Give feedback.
-
@Tony-S Maybe you can check the OCMS user plugin that had JWT support in version 2.1? Could this be a good basis. |
Beta Was this translation helpful? Give feedback.
-
There's also this JWT extension to the User plugin: https://github.com/rluders/wn-jwtauth-plugin |
Beta Was this translation helpful? Give feedback.
There's also this JWT extension to the User plugin: https://github.com/rluders/wn-jwtauth-plugin