Laravel - Website Authentication and API


Viewed 480 times

0

I am developing a chat that can be accessed both from the web and from an application, so I have built a project in Laravel with an API. Both the site and the application will be fed through the API, which is on the same server. What I am in doubt about is the authentication.

Application

In my application I am using JWT to authenticate the user, so on each request I need to pass a token; this token is obtained at login.

Then I'll store this token in a local session on the device so you don't have to log in every time.

Website

But how should I authenticate on the site? If I'm already feeding it through the API, should I also authenticate through the API?

Log in, obtain the token, save it in a session, and pass the obtained token in any request?

It seems to me an unsafe method.

1 answer

1


If your site is separate from your application, you can, without any problem, request the API resources to power the site. Now, if it’s inside Laravel, you can call up the API resources internally, or access your service layer or repository, etc.

A detail for these use cases of JWT is that when authenticating in the Mobile App, and then authenticating on the site, you will lose the Token.

In this case, you will need to work with an SSO server to manage these sessions. If that is the case, I can supplement the answer based on your problem.

  • 3

    Tip: either bring the relevant parts of the link here to the site, so that it becomes an actual answer, or post it as a comment (and state that the site is your own). The way it is, it is what gets classified as spam here. Note that it's okay for you to complement an answer with a link of your own, as long as the answer actually resolves the post without needing the link, and the link actually complements it. But in this case, always state when the site is your own. More details in the [help]. Knowing how the site works, the community will better appreciate your goodwill in helping and you will be scored for it.

  • The question was answered and the site was included as a suggestion for a possible need, which was not presented by the questioner. So I didn't bring the content of the text. But I will edit and remove the link, so as not to spam.

  • You can leave the link, but add a note that it is your own; that is nicer. If you can supplement the answer, you will add value and the votes can be reviewed.
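
The second option in the answer above (using the service layer directly from inside Laravel), as an added example that is not part of the original answer or comments: the site authenticates with Laravel's session guard while the mobile app keeps its JWT, and both routes share one service. `ChatService`, `Message`, the `recipient_id` column and the route paths are hypothetical, and the `api` guard is assumed to be already configured with a JWT package.

```php
<?php
// Added illustration; not code from the question or the answer.
// Assumed: a Laravel project whose 'api' guard is already backed by a JWT
// package, plus the hypothetical ChatService and Message names below.
// Each marked section belongs in the file named in its header comment.

// ---- app/Services/ChatService.php ----
namespace App\Services;

use App\Models\Message;   // hypothetical Eloquent model
use App\Models\User;

class ChatService
{
    // Single place for the chat query, so web and API cannot drift apart.
    public function recentFor(User $user, int $limit = 50)
    {
        return Message::where('recipient_id', $user->id)   // hypothetical column
            ->latest()
            ->limit($limit)
            ->get();
    }
}

// ---- routes/api.php (mobile app: JWT sent in the Authorization header) ----
use App\Services\ChatService;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::middleware('auth:api')->get('/messages', function (Request $request, ChatService $chat) {
    // $request->user() is resolved by the 'api' guard from the bearer token.
    return response()->json($chat->recentFor($request->user()));
});

// ---- routes/web.php (browser: Laravel session cookie, no JWT kept client-side) ----
// (same three "use" lines as in routes/api.php)

Route::middleware('auth')->get('/chat', function (Request $request, ChatService $chat) {
    // Same service call; here the user comes from the session ('web') guard.
    return view('chat', ['messages' => $chat->recentFor($request->user())]);
});
```

With this split the web pages never need to hold or forward the token; only clients that cannot use the session cookie go through the JWT-protected routes.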
