symfony
Dos, 2020-03-15 21:15:34

How to correctly pass permissions with a token to the API?

I am using the https://github.com/trikoder/oauth2-bundle over the https://github.com/thephpleague/oauth2-server library. In my project I use these permissions:

role_hierarchy:
    ROLE_ADMIN:
      - ROLE_USER
      - ROLE_MANAGE_USERS
      - ROLE_MANAGE_CRM


In controllers I use @IsGranted("ROLE_MANAGE_USERS").

But now I need to transfer these permissions to the frontend in order to display this or that functionality. The library uses scopes for this, but I didn't quite understand how to use them. Maybe I went the wrong way? This is my first time doing this, so I don't get it. They also said that JWT has a payload and can be issued along with a permission token. But again, I don't know what to do in my case.

Has anyone used this library? Who knows how to do it?

Ilya Zyabirov, 2020-03-16
@pro-dev

If you have an API + a separate front, then it makes little sense to explicitly transfer permissions to the front. When you request a resource, it will be enough for you to receive the current user by a token, check his rights and return 403 (or 401 if the user did not provide a token at all) if they are not enough to access the resource.
In turn, at the front, you will process the response code and display what you need.
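An added example (not from the question, the answer, or either bundle) of the server-side decision the answer describes, written in plain PHP so it runs stand-alone: the question's role_hierarchy is expanded so that a token whose user holds ROLE_ADMIN also satisfies ROLE_MANAGE_USERS, and a missing token gives 401 while a missing role gives 403. The $user array and the authorize() function are assumptions standing in for what the OAuth2 firewall and the controller would do.

```php
<?php
// Added example, not code from the question or the oauth2 bundle.
declare(strict_types=1);

// Same hierarchy as in the question's security config.
const ROLE_HIERARCHY = [
    'ROLE_ADMIN' => ['ROLE_USER', 'ROLE_MANAGE_USERS', 'ROLE_MANAGE_CRM'],
];

/** Expand the roles a user holds directly into every role they inherit (transitively). */
function reachableRoles(array $roles): array
{
    $seen = [];
    $stack = $roles;
    while ($stack) {
        $role = array_pop($stack);
        if (isset($seen[$role])) {
            continue; // already expanded; also guards against cycles in the hierarchy
        }
        $seen[$role] = true;
        foreach (ROLE_HIERARCHY[$role] ?? [] as $child) {
            $stack[] = $child;
        }
    }
    return array_keys($seen);
}

/**
 * Decide the HTTP status for a request to a resource that requires $requiredRole.
 * $user is the user resolved from the bearer token, or null when no valid token
 * was presented (assumed to have been done by the OAuth2 firewall before this runs).
 */
function authorize(?array $user, string $requiredRole): int
{
    if ($user === null) {
        return 401; // no (valid) token: the client must authenticate first
    }
    if (!in_array($requiredRole, reachableRoles($user['roles']), true)) {
        return 403; // authenticated, but the role is missing
    }
    return 200;
}

// Constructed sample users, shaped as the firewall would hand them to a controller.
$admin = ['id' => 1, 'roles' => ['ROLE_ADMIN']];
$plain = ['id' => 2, 'roles' => ['ROLE_USER']];

assert(authorize(null, 'ROLE_MANAGE_USERS') === 401);
assert(authorize($plain, 'ROLE_MANAGE_USERS') === 403);
assert(authorize($admin, 'ROLE_MANAGE_USERS') === 200); // inherited via ROLE_ADMIN
```

The frontend then only needs to branch on 401 (send the user to log in) versus 403 (hide or disable the feature), which is the split the answer recommends.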
