Open edichoska opened 3 months ago
We will be using Laravel Sanctum for authentication, specifically the SPA mode so investigate how to integrate that.
Some questions about the ticket:
content and the other for admin. Shall we do the login only for content users?
XSRF-TOKEN route on initial page load, as I presume the token needs to be included when making the login request?
/login route -> the server returns token and the user info -> the client encrypts the token and user info, stringifies it and saves it into a session cookie? Or does the server set a cookie when login is successful?
There are 3 endpoints for logging in currently: admin, content and platform. This ticket is for logging in to the content endpoint I assume, although all 3 endpoints will have a similar implementation.
As for the process on how to authenticate, you can check the Laravel Docs to understand the process. I am assuming NextJS Auth has support for Laravel Sanctum as well.
The 3rd party logging in (and sign up) is for the platform only. There are no sign up routes for content and admin, they are supposed to be invite only.
I can provide you content manager credentials for signing in.
@davorminchorov Could the BE team improve the docs about 4.? As Davor explained: We don't have Sign Up for the content panel. The user will be invited by email. On click on that link the user will be redirected to a page, where they would just add a password & confirm that password. (I assume this is still not implemented? @davorminchorov)
The current implementation does not support the SPA mode yet, but the docs will be updated once that's done.
The invitation of users will be done via the admin panel so that's irrelevant for this ticket specifically.
Of course it is relevant for Stefan to know how the whole flow is going to be.
I added the accounts that can be used for testing the API on Discord. The invite content manager API is still in the works, will be available soon.
Also, the current implementation for the API endpoints uses the usual JWT token approach like Stefan mentioned, but we will change it soon to use the SPA mode.
The authentication API endpoints are now using the SPA mode so feel free to implement them.
Once https://github.com/learnhubmk/api/issues/132 is done on the backend, you can re-implement the authentication to use JWT tokens.
JWT authentication has been implemented on the backend, feel free to check the API docs to learn more about how to use it. Let me know if you have any questions.