Is jwt+API authorization properly implemented?

V

Vladislav Prikhodko2017-03-04 00:59:08

API

Vladislav Prikhodko, 2017-03-04 00:59:08

Hi all!
At me such problem: There are 2 applications: an admin panel for a site (Laravel) and API (Lumen).
Actually, the API works with data and gives it to the admin panel, but the issue of authorization has become.
Since the admin panel does not work with data from the database at all, how can I log in to Laravel?
In fact, now everything works like this: from the admin panel there is a request for authorization to the api. If the authorization is successful, the token is returned, which I store in the Laravel session. Each time I access the admin panel, I send a request to get an authorized user to the API and get either an array with the user if the authorization is successful or null instead of the user.
But, in fact, this is just an array of data, and in Laravel itself (admin panel), in fact, I am not authorized. All this revolves on jwt and I don’t know if it’s all supposed to work like that or not?
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sungat Arynov, 2017-03-09
@Ginkidayo

- " Whenever I access the admin panel, I send a request to get an authorized user to the API and get either an array with the user if the authorization is successful or null instead of the user."
jwt has a token expiration date (you set it in the tymondesigns package settings). Therefore, not necessarily for everyone. Once authorized, and then you can renew the token through the "interceptor" if the validity period has expired (remember function).
Yes, we sent a jwt token - we got a user. Pretty much everything is supposed to work.
Api works with data, and js works with api.