
RFC Create a documentation page explaining how to work with User context

Open maks-rafalko opened this issue 5 years ago • 0 comments

Extracting this from Slack to discuss whether it would be useful to have it on api-platform's docs.

My original question:

If I need to create an entity X for the current user (X has User relation M:1) with JWT authentication, do I need to send userId in the POST request and validate that it is the same as in the JWT token?

Can I not send userId and determine it from the JWT or somehow else?

Which one is the right way (or the api-platform way)? Thanks

And folks pointed me to this article: https://symfonycasts.com/screencast/api-platform-security/entity-listener (Auto-set the Owner: Entity Listener)

Questions:

  1. Do you think api-platform needs this kind of docs / examples right on the api-platform.com site?
  2. What's your (core team's) vision about this approach?

I'm here again to help people find answers quicker; that's why I need your opinion about whether it should be in the official docs. Thank you.

maks-rafalko, Mar 26 '20 10:03
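
The entity-listener approach named in the linked article, shown as an added example (not code from this issue, from API Platform, or from SymfonyCasts). `Item`, `User`, `setOwner()` and `ItemOwnerListener` are hypothetical names; it assumes Symfony 6.2+ with DoctrineBundle's `AsEntityListener` attribute, and that refusing to persist without an authenticated user is acceptable for the application.

```php
<?php

declare(strict_types=1);

namespace App\Doctrine;

use App\Entity\Item; // hypothetical entity with a ManyToOne "owner" relation to User
use App\Entity\User; // hypothetical user entity loaded by the JWT authenticator
use Doctrine\Bundle\DoctrineBundle\Attribute\AsEntityListener;
use Doctrine\ORM\Events;
use Symfony\Bundle\SecurityBundle\Security; // before Symfony 6.2: Symfony\Component\Security\Core\Security
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

#[AsEntityListener(event: Events::prePersist, method: 'prePersist', entity: Item::class)]
final class ItemOwnerListener
{
    public function __construct(private readonly Security $security)
    {
    }

    public function prePersist(Item $item): void
    {
        // The user resolved from the already-verified JWT, never from the request body.
        $user = $this->security->getUser();

        if (!$user instanceof User) {
            // Anonymous request or a non-HTTP context (console, fixtures): refuse
            // rather than persist an Item with a missing or unverified owner.
            throw new AccessDeniedException('An authenticated user is required to create an Item.');
        }

        // Overwrite whatever the client may have sent, so a userId in the POST body
        // cannot attach the new Item to another account.
        $item->setOwner($user);
    }
}
```

With this listener the client does not send `userId` at all; leaving `owner` out of the resource's denormalization groups keeps the field from being accepted in the payload in the first place.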