Laravel - Website and API Authentication [closed]

0

I am developing a Chat where it can be accessed both by the web and by an application, so I made a laravel project with an api, both the site and the application will be fed through the api that stays on the same server what I am in doubt is about authentication

Application

In my application I am using JWT to authenticate the user, so every request I need to pass a token , that token is obtained at login time >

Then I will save this token in a local session on the device so I do not have to be authenticating at all times

Website

But how should I do the authentication on the site, if I'm already feeding it through the api I should also do the authentication through api?

Token, get the token , save in a session and in every request pass the token

It seems like an insecure method

    
asked by anonymous 12.06.2018 / 21:27

1 answer

1

If your site is separate from your app, you can, without any problem, request the API's resources to feed the site. Now, if it is within Laravel, you can invoke API resources internally, or access your service layer or repository, etc.

A detail for these JWT use cases is that by authenticating in the Mobile Application, and then authenticating to the site, you will lose the Token.

In this case, you will need to work with an SSO Server to manage these sessions. If that's the case, I supplement the answer based on your problem.

    
13.06.2018 / 22:14