How to implement the authorization API like Habr (TM)?
Introduction
One API manipulates accounts, is responsible for storing user data and all bindings to social networks. Let's call it company , and place the API: api.company.com
A project appears, let's call it project . The API is located at api.project.com
Purpose: you do not need to create a new account to authorize in the project. The universal account for all projects lives in company. The concept is like Habr with its TM: an account is not needed for local projects (but projects have a profile).
Problem:
How to build an architecture?
What means to use for this?
Solution idea or how I imagine it:
An authorization window is displayed on the client, and the login and password are entered. They are sent to the project API: api.project.com/login...
A request is made from the project API to the API with accounts: api.company.com/login...
If everything is in order, a token is issued and returned to the project API, saved, and sent to the client. After that, requests naturally come with this token.
PS You could also make the request directly from the client to api.company.com/login..., but it seemed better to me not to mix things and to keep that logic separate.
Additional info:
The API is closed. I will use either JWT or OAuth 2.0 with the owner's grant (you won't need to show the browser and ask for permission; the client is trusted, of course). All APIs are written in Lumen.
Words of gratitude with tears in my eyes:
I'm almost sure that the idea is a crutch, and that a good bicycle has already been invented.
I would be grateful for any help!
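The flow described in the question (client sends login and password to api.project.com, the project API forwards them to api.company.com, company issues a token, the project API hands it to the client and later checks it on every request), as an added example that is not part of the question. It is written in Python with only the standard library rather than in Lumen, so the JWT (HS256) is built and verified by hand; the HTTP calls between the two APIs are stood in for by direct function calls. All names (company_login, project_login, project_request, SHARED_SECRET, the user store) and the assumption that company and project share one HMAC secret are the example's own.

```python
"""Added example (not from the question): project API forwards credentials to the
company account API, receives an HS256 JWT, and verifies later requests locally.
Function names, the user store and the shared secret are hypothetical."""
import base64
import hashlib
import hmac
import json
import time

# ---- company side: api.company.com -------------------------------------------
def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt-0123"                       # constructed sample salt
COMPANY_USERS = {"alice": _pbkdf2("correct horse", _SALT)}  # constructed account
# Secret shared by company (signer) and project (verifier). With HS256 anyone
# holding it can also mint tokens; see the note below on using RS256 instead.
SHARED_SECRET = b"constructed-shared-secret"
ISSUER = "api.company.com"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, audience: str, now: int, ttl: int = 3600) -> str:
    """Build a compact HS256 JWT carrying iss/sub/aud/iat/exp claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience, "iat": now, "exp": now + ttl}
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def company_login(username: str, password: str, audience: str, now: int):
    """api.company.com/login: check credentials, return a token or None."""
    stored = COMPANY_USERS.get(username)
    # Constant-time compare so a wrong user and a wrong password behave alike.
    if stored is None or not hmac.compare_digest(stored, _pbkdf2(password, _SALT)):
        return None
    return issue_token(username, audience, now)

# ---- project side: api.project.com -------------------------------------------
PROJECT_AUDIENCE = "api.project.com"

def verify_token(token: str, now: int) -> dict:
    """Check structure, algorithm, signature, issuer, audience and expiry."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, c64, s64 = parts
    try:
        header = json.loads(_b64url_decode(h64))
        sig = _b64url_decode(s64)
    except ValueError:                      # bad base64 or bad JSON
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # rejects "none" and algorithm swaps
    expected = hmac.new(SHARED_SECRET, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    if claims.get("iss") != ISSUER or claims.get("aud") != PROJECT_AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

def project_login(username: str, password: str, now: int) -> dict:
    """api.project.com/login: forward credentials to company, return token to client."""
    token = company_login(username, password, PROJECT_AUDIENCE, now)  # stands in for HTTP
    return {"ok": token is not None, "token": token}

def project_request(token: str, now: int) -> dict:
    """Any later project endpoint: verify the bearer token locally, no round trip."""
    try:
        claims = verify_token(token, now)
    except ValueError as exc:
        return {"status": 401, "error": str(exc)}
    return {"status": 200, "user": claims["sub"]}

if __name__ == "__main__":
    t = int(time.time())
    resp = project_login("alice", "correct horse", t)
    print(project_request(resp["token"], t))          # 200 for alice
    print(project_request(resp["token"], t + 7200))   # 401, expired
    print(project_login("alice", "wrong", t))         # ok False
```

Two points this makes visible: the project API verifies the token itself, so only the login call has to reach company, and the aud claim keeps a token issued for one project from being accepted by another. With a shared HMAC secret every project could also sign tokens, so in production the company API would sign with a private key (RS256 or similar) and projects would verify with the public key only.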