cartalyst / sentinel

A framework agnostic authentication & authorization system.
BSD 3-Clause "New" or "Revised" License

[Question] Additional Cookie (like JWT) After Successful Login #499

Closed eskies closed 5 years ago

eskies commented 5 years ago

Hello, I've been using Cartalyst/Sentinel to handle the auth process of my project. Recently I shifted some of my website's architecture to use an API/microservice in some parts. What I'd like to do is use JWT when making API requests. Is there any option to set a JWT cookie after a user successfully logs in and authenticates?

Thank you

ghost commented 5 years ago

What I do for this is just see if Sentinel::authenticate returns a user, then put the user principal / id / email into a JWT outside of sentinel and just setcookie().

JWT cannot be destroyed like a cookie or PHP session, so really just make it afterward.
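
The approach described in the comment above, as an added example that is not part of the original thread or of Sentinel itself: after `Sentinel::authenticate` returns a user, a short-lived HS256 token is built outside Sentinel and set with `setcookie()`. The native facade, the `JWT_SECRET` variable, the `api_token` cookie name and the helper functions are assumptions made for illustration.

```php
<?php
// Added example, not Sentinel's own code. Assumes Sentinel is bootstrapped,
// PHP >= 7.3, and a JWT_SECRET environment variable (hypothetical name).
use Cartalyst\Sentinel\Native\Facades\Sentinel;

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Hypothetical helper: build a compact HS256 token.
function issueJwt(array $claims, string $secret): string
{
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Hypothetical helper for the API side: returns the claims, or null if invalid.
function verifyJwt(string $token, string $secret): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return null; // constant-time compare; the algorithm is fixed to HS256
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    return is_array($claims) && ($claims['exp'] ?? 0) > time() ? $claims : null;
}

$secret = getenv('JWT_SECRET');
if (!is_string($secret) || strlen($secret) < 32) {
    throw new RuntimeException('JWT_SECRET missing or too short');
}
$credentials = ['email' => $_POST['email'] ?? '', 'password' => $_POST['password'] ?? ''];

if ($user = Sentinel::authenticate($credentials)) {
    $ttl = 900; // keep it short: the token stays valid until exp
    $now = time();
    $jwt = issueJwt(['sub' => $user->getUserId(), 'iat' => $now, 'exp' => $now + $ttl], $secret);
    setcookie('api_token', $jwt, [
        'expires' => $now + $ttl, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}
```

Clearing the cookie on logout only removes the browser's copy; a token that was copied elsewhere still passes `verifyJwt` until its `exp`, which is why the lifetime here is 15 minutes.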

8633brown commented 5 years ago

@suwardany just a thought. Would this be a good optional cookie class? I imagine there would be more to it than just that, but maybe for 4.0 add the option for stateless logins?

brunogaspar commented 5 years ago

Since Sentinel has a stateless method, we can augment/improve that so it could become a tad more flexible.

eskies commented 5 years ago

> What I do for this is just see if Sentinel::authenticate returns a user, then put the user principal / id / email into a JWT outside of sentinel and just setcookie().
>
> JWT cannot be destroyed like a cookie or PHP session, so really just make it afterward.

Ah, it means we need to set it outside of Sentinel. Well, I guess I need to add some middleware then. As a suggestion, maybe it can be improved, as @8633brown and @brunogaspar said, to make it more flexible by adding an option for stateless login. Thanks :)