magiclabs / magic-admin-php

Magic admin PHP SDK makes it easy to leverage Decentralized ID tokens to protect routes and restricted resources for your application.
https://docs.magic.link/admin-sdk/php
MIT License

PHP LOGIN support #21

Open zackrspv opened 1 year ago

zackrspv commented 1 year ago

✅ Prerequisites

❓ Question

So, is there a way to actually LOG the user in via a request from the frontend? If the user is only logging in via the CLIENT side, then any information generated by that login wouldn't be trusted on the BACKEND - even if you hooked into the 'ready' state - as if you have to send a request to the backend to CHECK if the user is logged in, then that can be spoofed by even a 3rd grader.

Normally, I'd expect the process to work like:

However, it doesn't appear that magic supports any webhooks for PHP or true server side applications.

So, how can one actually IMPLEMENT this if their application is PHP based (and not laravel/symfony based), as nothing that is sent from the CLIENT side can be trusted?

🌎 Environment

Software            Version(s)
magic-admin-php     latest
php                 8.1
Operating System    ubuntu 20.04

zackrspv commented 1 year ago

And I'm not talking about the examples that exist on the documentation either; those require an Authorization token for the laravel and PHP admin kits. Ergo, the user has to LOGIN, and a TOKEN has to be generated; and yet, the documentation doesn't show any way that the token is generated - or how the token is generated, or how the user GETS the token to begin with, so basically, not that useful.

And if it's just a simple token like:

'did:eth:ADDRESS' then that can be spoofed to no end.

If it's an actual base64 encoded and serialized token, for proofs and claims, how exactly is that token being generated? How exactly does that token get sent to the backend (other than a POST request, which allows the client side to spoof the info)?

The laravel and PHP examples DON'T show the CREATION of the didToken, only how to handle it once the TOKEN itself is created - seems to be a rather crucial step missing there.
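The flow the two comments above are asking about, written out as an added example (this is not code from the magic-admin-php repository, its documentation, or the issue author): the Magic client SDK in the browser obtains the DID token after login and sends it to a plain-PHP endpoint as an `Authorization: Bearer <did_token>` header; the endpoint treats that token as untrusted input, validates its signature and time claims with the admin SDK, and only then establishes its own server-side session keyed by the issuer DID. Assumed here: Composer autoloading, a `MAGIC_SECRET_KEY` environment variable holding the secret API key, and the SDK calls `Magic::$token->validate()`, `Magic::$token->get_issuer()` and the `MagicAdmin\Exception\DIDTokenException` class as they appear in the SDK's published API.

```php
<?php
// Added example, not the SDK's or the issue author's code. A plain-PHP login
// endpoint: the client obtained a DID token from the Magic client SDK and sends
// it as "Authorization: Bearer <did_token>". Nothing in the token is trusted
// until the admin SDK has validated it with the secret key.
//
// Assumptions: Composer autoload, magic-admin-php installed, MAGIC_SECRET_KEY
// set in the environment, and the SDK method names used below.

require __DIR__ . '/vendor/autoload.php';

use MagicAdmin\Magic;
use MagicAdmin\Exception\DIDTokenException;

/**
 * Extract the DID token from the Authorization header.
 * Returns null when the header is absent or is not a Bearer token.
 * Note: some Apache/FastCGI setups do not populate HTTP_AUTHORIZATION by
 * default; it must be passed through explicitly in that configuration.
 */
function didTokenFromRequest(array $server): ?string
{
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    if (!preg_match('/^Bearer\s+(\S+)$/i', $header, $m)) {
        return null;
    }
    return $m[1];
}

/**
 * Validate the DID token and return its issuer DID, or null if invalid.
 * validate() checks the proof signature against the claim and the claim's
 * time window, so a token assembled on the client without the user's key
 * fails here instead of being accepted on the backend.
 */
function issuerFromValidatedToken(Magic $magic, string $didToken): ?string
{
    try {
        $magic->token->validate($didToken);
        return $magic->token->get_issuer($didToken);
    } catch (DIDTokenException $e) {
        return null;
    }
}

function jsonResponse(int $status, array $body): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body);
}

// --- request handling -------------------------------------------------------

$didToken = didTokenFromRequest($_SERVER);
if ($didToken === null) {
    jsonResponse(401, ['error' => 'missing bearer token']);
    exit;
}

$magic  = new Magic((string) getenv('MAGIC_SECRET_KEY'));
$issuer = issuerFromValidatedToken($magic, $didToken);
if ($issuer === null) {
    jsonResponse(401, ['error' => 'invalid DID token']);
    exit;
}

// The identity now comes from the validated token, not from anything the
// client claimed about itself. Key the application's own user record and
// session on the issuer DID, which is stable for a given user.
session_start();
session_regenerate_id(true);            // new session id on login (fixation guard)
$_SESSION['user_issuer']  = $issuer;
$_SESSION['logged_in_at'] = time();

jsonResponse(200, ['ok' => true, 'issuer' => $issuer]);
```

Subsequent requests then carry the ordinary PHP session cookie and check `$_SESSION['user_issuer']`; the DID token itself is only presented once, at login. Spoofing the POST body or header gets the client nowhere, because the session is created only after `validate()` succeeds with the secret key, and the issuer is read from the validated token rather than from the request.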