Answer the question
In order to leave comments, you need to log in
How to implement user login via OAuth2.0 in JS application to access REST API?
There is a REST API, access to certain endpoints must be provided through OAuth2 (own OAuth2 server).
You need to attach your JS client to this API, in which the user can directly log in with login / password, receive an OAuth2 token in return, and access to the API through the JS client will be determined by the newly received OAuth2 token.
Intuitively, I understand that you need to register a client for the JS application (client_id, client_secret) and operate on it before the user login, so get a new user token and use it.
But I don't understand what client_id and client_secret should be used when logging in a new user when the JS application is registered as an administrator.
Ultimately, the question is - how to implement a user login for which a client is automatically created in the database?
Answer the question
In order to leave comments, you need to log in
I don't need any client. I am not familiar with OAuth2, but I assume that the user receives a different token each time they log in and it is stored somewhere. That is the system.
The user logs in.
The server checks the username and password, and if they are valid, it generates a key or token in any way.
The client receives the user's data. Type an object with ID, name, key and everything else and save it in some storage.
Now, with any request to the API, we pass the user ID and token.
On the server, we check whether this user has this token, and if so, we check whether he has the right to receive the data of this request.
In this scheme, of course, some API requests to the server go through even if there is no token and user ID. For example, a request for authorization, or for obtaining public information that everyone can see.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question