php-crud-api icon indicating copy to clipboard operation
php-crud-api copied to clipboard

Published 20 hours ago verified publisher icon mevdschee

help wanted: is it possible and it makes any sense to mix dbauth and jwt auth?

Open nik2208 opened this issue 2 years ago • 5 comments

actually the subject is already the matter..

In particular: I would like to use both social login (like google or facebook or whatever) with my own jwt auth mode. I would/should such a mechanism be structured?

nik2208 avatar Sep 14 '22 14:09 nik2208

@nik2208 I would be happy to know about this too. This issue here closely relates to your question.

NorthFred avatar Sep 14 '22 14:09 NorthFred

I would like to use both social login (like google or facebook or whatever) with my own jwt auth mode. I would/should such a mechanism be structured?

I think auth0 fits your needs, see: https://auth0.com/

mevdschee avatar Sep 15 '22 05:09 mevdschee

I would use php-crud-auth instead of auth0 (they should actually do the same job, right?), but I actually don't really figure out how to mix (e.g) users coming from google login and others coming from php-crud-auth login to converge to the same php-crud-api session. Could I explain what I mean?

nik2208 avatar Sep 15 '22 07:09 nik2208

they should actually do the same job, right?

No, auth0 has the social logins implemented and with php-api-auth you will have to build those social login integrations for yourself.

mevdschee avatar Sep 15 '22 08:09 mevdschee

you will have to build those social login integrations for yourself

that is already done: I can successfully login with google and get the user's email back (and the token, actually). but now I find myself in this situation: I have users registered thru php-crud-api dbAuth, and users coming from google which are not (yes) in the users table. Should I enable both dbAuth and JWT, or are them mutual exclusive? is api.php able to recognise which user use what and simply create a user without a password if coming from google?

maybe I'm missing something..

I would avoid using auth0 as sole authentication method in this phase of the development, so I'm wondering: do I have to implement my own JWT auth method (and I would use php-crud-auth for that) and remove dbAuth as auth method option from php-crud-api?

nik2208 avatar Sep 17 '22 09:09 nik2208

do I have to implement my own JWT auth method (and I would use php-crud-auth for that) and remove dbAuth as auth method option from php-crud-api?

Yes, that is what I would do.

mevdschee avatar Oct 15 '22 06:10 mevdschee

I'm closing the issue for now. Feel free to follow-up if you have any further questions, either on this issue (I'll re-open) or on a new one.

mevdschee avatar Oct 23 '22 10:10 mevdschee

I've implemented my own auth provider using multiple instances of api.php. I'll be sharing my general approach and the mods I've done to auth.php to achieve the goal.

nik2208 avatar Oct 23 '22 11:10 nik2208