AngularJS website accessing an API, authentication question


Viewed 277 times

2

I have an API written in PHP+Slim, which is being used by an administrative panel, and the authentication is via token, which is returned when the panel user logs in.

However, I am making a site with Angular and would like to reuse the API, but I could not understand how to make the authentication system for the site, since there is no way to return a token to it, as it has no login.

I thought of something based on the website address, but I still haven’t found how to do it.

What is the best strategy to perform this authentication?

Thanks in advance,

Thank you very much

  • You can leave authentication off the routes of the methods that will populate the site... That is, create separate controllers for the dashboard and for the website... in my opinion...

  • I understand @rpereira15, but in this case I end up leaving the GET data of the API open, right? That is, since I do not need authentication to populate the data on the site, I can remove authentication from the GET routes and leave it only on POST and PUT, for example... Thank you

  • It actually depends a lot on what information EVERYONE can access. In a get method for users or clients you should still have authentication...

  • So there's the problem: the information that I will share on the site should not be open for someone else to use in their application or site, for example, because the API is an application, and I would not like to leave this data open.

  • Then set a fixed, encrypted token for the site; that solves the problem too...

  • Thank you very much man, I’ll do it. I thank you for your help


1 answer

1

Angular pages are single pages, single-page applications (also known as a stateless architecture); the best way to authenticate in single-page applications is by using JWT (JSON Web Tokens).

In case you have thought about the traditional method of maintaining sessions, like HttpSession and the like, it makes no sense to use this in a single-page app, as your server will only serve a single page and the rest comes dynamically via the API.

I advise you to create a web service that returns a token, and with each request that Angular makes to the server you send the token along with the request payload or in its header; traditionally I see a lot of people using the request header. Then your web service will check the validity of the token passed (this can be via the database).


Summary:

Login request -> returns a token if successful

rest of the requests that require authentication -> takes this token in the header to a middleware or PHP authenticate method


Tip: If you want to keep the user logged in when they press Ctrl + R (refreshing the page in the browser), put this token in JavaScript's sessionStorage or localStorage, or in Angular's cookies.

I hope I helped, hug.

  • Hello @Pedrogabriel, thank you for the detailed reply. What can I do if I want to reuse the same API on a site with AngularJS, since the site does not have a login?
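
The flow summarized in the answer above (login returns a token, later requests carry it in a header, a middleware checks it), as an added example that is not part of the original thread. It is written in JavaScript for Node rather than in the PHP+Slim API itself; `issueToken`, `verifyToken`, `authenticate`, the secret and the user id are all constructed for illustration.

```javascript
// Added example: HS256 JWT issue/verify for "login returns a token, later
// requests send it in a header". Every name and value here is constructed.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: the real key lives in server config
const b64u = (v) => Buffer.from(v).toString('base64url');
const sign = (data) => b64u(createHmac('sha256', SECRET).update(data).digest());

// Login step: called by the API after the panel user's credentials check out.
function issueToken(userId, nowSec, ttlSec = 900) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ sub: userId, exp: nowSec + ttlSec }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Middleware step: returns the claims, or null if the request must be rejected.
function verifyToken(token, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: the token must not choose how it gets verified.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// What the middleware does with "Authorization: Bearer <token>".
function authenticate(headers, nowSec) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || '');
  return m ? verifyToken(m[1], nowSec) : null;
}
```

Anything shipped inside the Angular bundle, a fixed token included, can be read by every visitor, so these checks only authenticate holders of a token issued at login.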
