Yii2: What is the best way to organize authorization between two sites via API?

A

Andrew2018-06-05 20:21:02

Yii

Andrew, 2018-06-05 20:21:02

Hello.
There are two sites. The first one with a user base and started writing an API for it, the second site has some functionality that will be available after authorization.
Here, at the request of the customer, the system should work as follows: A page with a login form, the user fills it out, a request is sent via api to the first site, we receive a response from it, authorize the user and let the site's functionality be used.
It's not clear to me how to implement this logically. It is clear that you can use HttpBasicAuth in controllers, but it is not clear how it should generally work. That is, I send the login and password to the first site, find the user, check if the password is correct, and then what? What should be returned to the second site and how to process it correctly on its side? In this case, what should be written in cookies (or in some other way) so that the user could be identified on the pages?
PS I looked at the documentation, everything is clear there, except for this moment.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry Bay, 2018-06-05
@kawabanga

So the docks looked bad.
In short, you need to implement a similar system -
developer.uz/blog/yii2-rest-authentication-and-aut...
If the second site is on the same server, then you can directly access the database of the second server, for example.
If not, then write the API for the first server on the second site.