I have always worked with PHP/Mysql and Javascript/jQuery. I have always connected PHP to the direct database, and I use login sessions.
I am currently working on a project where I use AngularJS for the frontend and PHP/MySQL for the backend as a kind of API that feeds the main application with database data. Only, as I explained earlier, I have always used sessions to handle the login, so my question is: What is the best option to do this login and stay authenticated? Should I always send the user and password data to the API to stay authenticated? Should I use some sort of token with an expiration time? But in the case of a browser (web application), where would I store this token? Would I then still make use of sessions?
Anyway, I don’t know if I said anything silly, if so, please correct me.
From what I understand, your question is about how to manage logins in the backend of an API, right?
– Gabe
Yes. But also, how can I store this authentication, since I won’t be using sessions.
– Thiago Yoithi
Do you have any reason not to use sessions?
– Gabe
@Gabe Nothing prevents it, but it is not a common usage standard, because REST APIs can also be used by clients that do not have the session concept - for example mobile apps for Android and iOS. One of the patterns used in this case is the bearer token.
– OnoSendai
@lbotinelly Ah, it makes sense... I didn't consider that the same API could be used by other clients. That's what comes of never having worked with apps :D
– Gabe
@Gabe Live and learn! I myself learned this a short time ago, a matter of months. One of the advantages of the bearer token mechanism is that you can simply revoke them en masse (as services like Google, Facebook and Twitter do when you change your password).
– OnoSendai
So... That was my idea. I'm an Android/Java developer too. I was thinking of working with Angular/JS + the Phalcon Micro framework (Angular frontend and backend as a REST API), because I thought that in the future the API, in addition to powering my main application, could power a mobile application. In that case, I would need to implement some form of authentication that works in both cases. The bearer token you mention, is it the OAuth 2 kind?
– Thiago Yoithi
@Thiagoyoithi If the answer helped, close the question with the answer. Hugs.
– flpms
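The bearer-token pattern discussed in the comments (a token with an expiration time instead of a PHP session, plus mass revocation on password change), as an added example that is not code from the question or its commenters. The in-memory `$users` and `$tokens` arrays are constructed stand-ins for the MySQL tables the backend would use; the function names and the `token_version` column are assumptions.

```php
<?php
// Constructed stand-ins for a users table and a tokens table (not real data).
$users  = [42 => ['password_hash' => password_hash('hunter2', PASSWORD_DEFAULT), 'token_version' => 1]];
$tokens = []; // sha256(token) => ['user_id' => ..., 'version' => ..., 'expires' => ...]

function issue_token(array &$tokens, array $users, int $userId, int $ttl = 3600): string {
    // Opaque random token; only its hash is stored, so a leaked table cannot be replayed.
    $token = bin2hex(random_bytes(32));
    $tokens[hash('sha256', $token)] = [
        'user_id' => $userId,
        'version' => $users[$userId]['token_version'],
        'expires' => time() + $ttl,
    ];
    return $token;
}

function authenticate(array $tokens, array $users, ?string $authHeader): ?int {
    // The Angular app or a mobile client sends "Authorization: Bearer <token>" on each request.
    if ($authHeader === null || !preg_match('/^Bearer\s+([A-Fa-f0-9]{64})$/', $authHeader, $m)) {
        return null;
    }
    $rec = $tokens[hash('sha256', $m[1])] ?? null;
    if ($rec === null || $rec['expires'] < time()) {
        return null; // unknown or expired token
    }
    // Mass revocation check: tokens minted under an older version are rejected.
    if ($rec['version'] !== $users[$rec['user_id']]['token_version']) {
        return null;
    }
    return $rec['user_id'];
}

function revoke_all(array &$users, int $userId): void {
    // Called on password change: every outstanding token for this user becomes invalid at once.
    $users[$userId]['token_version']++;
}

// Login: verify the credentials once, then hand out a token instead of opening a session.
if (password_verify('hunter2', $users[42]['password_hash'])) {
    $t = issue_token($tokens, $users, 42);
    var_dump(authenticate($tokens, $users, "Bearer $t"));
    revoke_all($users, 42);
    var_dump(authenticate($tokens, $users, "Bearer $t"));
}
```

The first `authenticate` call returns the user id and the second returns `null`, because bumping `token_version` invalidates all tokens issued under the old version without deleting any rows.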