Answer the question
In order to leave comments, you need to log in
How to authorize requests from ReactJS for PHP?
Application Front - React. Back - PHP, to be exact Yii2.
The application works for itself, i.e. implemented on the back API only this application needs. Connection of third-party services and applications is not expected.
How is it better to authorize requests from React with this scheme?
Is it worth raising an OAuth server? Do I understand correctly that React will store tokens in public storage (localStorage or cookies available to scripts)?
Or will it be enough to use server sessions (with httpOnly cookie)? How to protect yourself with CSRF? Write token in header so React can see it?
Answer the question
In order to leave comments, you need to log in
I wouldn't sweat it.
Out of the box when authorizing Yii2 Creates a token, which is then sent to all requests.
So do it, when sending an authorization request, save the token in cookies or localstorage and then use it in requests. As soon as the token goes bad, send the user back to the authorization page.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question