How to get the logged-in user from an API in Laravel?

0

There is something I do not quite understand before I start designing my API in Laravel. I want only users who are logged into the application to be able to consume the resources of the API.

I understand that I must send a token that identifies the user in each request made from the client, but where do I get this token from? I had thought of the following way:

  • Generate a random string that will be my token when the user logs in.
  • Send it to the client in the form of a cookie.
  • Store the token also in the database and relate it in some way to the user.
  • Each time the client makes a request, send the token stored in the cookie and map it to the user.

But doing it this way raises some doubts:

  • It is assumed that the user can access their account from different computers; should I create a specific table in the database to store all the tokens that a user can generate from different clients?

I know it seems that I am answering the question myself, but I really want to know the most correct way to do it.

Thanks in advance.

        
asked by GerardoAGL96 28.04.2018 at 07:40

1 answer

0

What is usually done to obtain a specific token for each user is to encrypt their own data to generate it, such as the following:

    // User fields to be encrypted into the token
    $userInfo = array(
        'name' => $user->name,
        'email' => $user->email,
        'pass' => $user->pass,
        'urlPhoto' => $user->urlPhoto,
        'description' => $user->description,
        'birthday' => $user->birthday,
        'city' => $user->city,
        'id_rol' => $user->id_rol,
        'id' => $user->id
    );
    

In this way the client sends the data to the API, which encrypts it and returns a token. That token can be sent to the API as an authorization identifier in each request, and if the token is incorrect or missing, the endpoint returns an error code.

After that, the API would only have to decrypt the token and retrieve the data inside it.

        
answered by 28.04.2018 at 15:02
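
The per-client token table the question asks about, as an added example that is not part of the original question or answer: each login inserts its own row, so one user can hold several tokens at once, and only a SHA-256 hash of the random token is stored. The `api_tokens` table, the function names and the in-memory SQLite database (via PDO) are assumptions for illustration; in Laravel the same queries would run against the application's database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: one row per (user, device) login. SQLite in memory stands in
// for the application database so the example runs on its own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE api_tokens (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    device TEXT NOT NULL,
    token_hash TEXT NOT NULL UNIQUE,
    expires_at INTEGER NOT NULL
)');

// Called after a successful login: returns the plaintext token exactly once.
function issueToken(PDO $db, int $userId, string $device, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO api_tokens (user_id, device, token_hash, expires_at) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$userId, $device, hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Called on every API request: maps the presented token to a user id, or null.
function userIdForToken(PDO $db, string $token): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM api_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Logging out on one device deletes only that device's row.
function revokeToken(PDO $db, string $token): void
{
    $db->prepare('DELETE FROM api_tokens WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}

// Constructed sample: user 7 logs in from two clients, then logs out of one.
$laptop = issueToken($db, 7, 'laptop');
$phone  = issueToken($db, 7, 'phone');
revokeToken($db, $laptop);
var_dump(userIdForToken($db, $laptop));        // revoked token
var_dump(userIdForToken($db, $phone));         // still-valid token from the other device
var_dump(userIdForToken($db, 'forged-value')); // value that was never issued
```

The plaintext token exists only in the login response and on the client (for example in the cookie the question mentions), so the database rows alone cannot be replayed as tokens.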