How to implement simultaneous access to the API of the user and the mobile application?

H

havemanyquestions2019-07-10 18:50:52

API

havemanyquestions, 2019-07-10 18:50:52

Hello.
I need an API that will be accessed by a mobile application that will serve a CRM system with an apron on React.
User login to CRM is implemented using JWT Auth0. The user logged in, gets to the main page, which is allowed to be viewed by all logged in users, regardless of access rights. If the user has rights, he can continue to surf the CRM, if not, then no. Everything is clear here. But what if there is an application, administrative, available only to a certain circle of people. It needs to access the API and have access to everything, as it is implemented, a role with all rights is created, which is called, for example, app. But what about authentication in this case? If the user is thrown to the login page, then what about the application? It's always the same, it's the same. It is necessary to directly give him permission to access without authentication, without problems, even possible without JWT ... Or is it not possible? What is the login mechanism for API access for an application?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sergey Panteleev, 2019-07-10
@s_panteleev

What's the problem?
You, judging by the text, already have a division of users into roles and, depending on the role, this or that functionality is available to the user in the application.
Add a new role that will have access to everything. Accordingly, if you authorize in the administrative application under a user with "admin" rights, information on the API will be displayed, under a user without rights, an error will be generated.
In theory, it doesn’t matter what kind of application you have (public / non-public), all your logic should be implemented in the API, and the application will only “draw” what comes from the API.
If the problem is in something else - formulate the question more clearly.