Maxim, 2018-06-12 01:36:03

Yii How to make authentication from backend or frontend in Rest API?

Hello! I want to use an API in the project for internal use, and perhaps for external use later. I set everything up according to the webinar from Dmitry Eliseev ( https://www.youtube.com/watch?v=jDj_JggZXsU ).
Everything works, but I just don't want to manually write a token every time, or pass a login or password, when I make a request from the backend or frontend. Can you tell me how to use the API in conjunction with the backend or frontend? For example, so that after authorization on the backend or frontend, subsequent requests to the API do not require entering a username and password, and do not need a username and password or a token passed in the ajax request.
Perhaps I need to completely abandon authorization via the session and cookies? Or should I not bother with the API for internal ajax selections, and instead create a common controller for this and receive the data there? What do you think?


2 answer(s)
Maxim Timofeev, 2018-06-12
@myks92

using requests to api did not require entering a login and password, and also did not pass a login and password or a token in an ajax request.

You make an ajax request, how will the server identify you if you don't send anything?
Why are you handing them over? In theory, you logged in on the client once and received a key (a token, a login/password pair, whatever). Save it somewhere (webStorage) and add it to requests. Where is the manual work? Apparently you need a method that automatically adds a token to ajax requests. Make such a method and build queries through it.
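
The method described in the answer above, sketched as an added example that is not part of the original answer: a small client that reads the stored token and attaches it to every API call. The names `API_ORIGIN`, `TOKEN_KEY`, `createApiClient` and `memoryStorage` are hypothetical, and it assumes the API accepts the token as an `Authorization: Bearer` header.

```javascript
// Added example; API_ORIGIN, TOKEN_KEY, createApiClient and memoryStorage are
// hypothetical names, and the Bearer header format is an assumption.
const API_ORIGIN = 'https://api.example.test';
const TOKEN_KEY = 'apiToken';

function createApiClient(storage, fetchImpl, apiOrigin = API_ORIGIN) {
  // Build URL and headers for one call (synchronous, so easy to test).
  function prepare(path, options = {}) {
    const url = new URL(path, apiOrigin);
    // Absolute or protocol-relative paths can point elsewhere: never send the token there.
    if (url.origin !== apiOrigin) {
      throw new Error('Refusing to send the token to ' + url.origin);
    }
    const headers = { Accept: 'application/json', ...(options.headers || {}) };
    const token = storage.getItem(TOKEN_KEY);
    if (token) headers.Authorization = 'Bearer ' + token;
    return { url: url.href, init: { ...options, headers } };
  }

  async function request(path, options) {
    const { url, init } = prepare(path, options);
    const response = await fetchImpl(url, init);
    // 401 means the token expired or was revoked: drop it so the UI asks for a new login.
    if (response.status === 401) storage.removeItem(TOKEN_KEY);
    return response;
  }

  return {
    login: (token) => storage.setItem(TOKEN_KEY, token),
    logout: () => storage.removeItem(TOKEN_KEY),
    prepare,
    request,
  };
}

// Constructed in-memory stand-in for sessionStorage, so the example runs under Node.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
    removeItem: (key) => { data.delete(key); },
  };
}

// In a browser: const api = createApiClient(window.sessionStorage, window.fetch.bind(window));
```

Anything kept in webStorage is readable by every script running on the page, so the token is only as safe as the page is from XSS.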

Sergey, 2018-06-12
@butteff

I did not watch the video, but you can check if the user is logged in like this:

if (!Yii::$app->user->isGuest) {
    // the user is logged in
    ...
}

If you need to find out exactly who is logged in, then this is done like this:
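// identity is null for guests, so check isGuest before reading its id
if (!Yii::$app->user->isGuest && Yii::$app->user->identity->id == 'username') {
    ...
}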

I.e., in the controller, you can check if the user is logged in and who exactly (does he have the rights to the API), if not, check the token.
