# |
Apr 11th 2021, 16:56 |
cnizzardini |
Store JWT in session and pass JWT to API. CakePHP supports this. |
# |
Apr 11th 2021, 16:46 |
cnizzardini |
Should consider JWT, but I replied to the original message. Set request accepts header. |
# |
Apr 11th 2021, 16:36 |
admad |
There are stateless authenticators :) |
# |
Apr 11th 2021, 16:32 |
kevin.pfeifer |
I guess his API has some endpoints which require authentication |
# |
Apr 11th 2021, 16:27 |
admad |
And why does your API need sessions? It's not stateless REST? |
# |
Apr 11th 2021, 16:24 |
cnizzardini |
@noel |
# |
Apr 11th 2021, 16:23 |
cnizzardini |
e.g. ```curl -X 'GET' 'https://cakephpswaggerbake.cnizz.com/actors' -H 'accept: application/json'``` |
# |
Apr 11th 2021, 16:21 |
cnizzardini |
```-H 'accept: application/json'``` |
# |
Apr 11th 2021, 16:07 |
cnizzardini |
What is the specific problem/error, though? Someone might be able to better assist based off of that. |
# |
Apr 11th 2021, 16:06 |
cnizzardini |
I've done this (sorta), but I didn't have my API handling cookies since it was stateless. Cookies were handled in the Client which was SlimPHP + VueJS and then the API was an entirely separate CakePHP application. |
# |
Apr 11th 2021, 16:03 |
noel |
No. It’s working on another dev’s machine but not on mine. Can’t for the life of me figure out why. |
# |
Apr 11th 2021, 15:50 |
ndm |
Do you have any reason for doubting that VueJS would work with cookies out of the box? |
# |
Apr 11th 2021, 15:42 |
noel |
Has anyone here used VueJS as a front-end with Cake delivering an API on the back-end? If so how to get VueJS working with PHP Sessions? |
# |
Apr 11th 2021, 15:06 |
kevin.pfeifer |
or is there something specific in the log/error.log? |
# |
Apr 11th 2021, 15:03 |
kevin.pfeifer |
Do you actually get the error `Missing or invalid CSRF cookie.` or something else? |
# |
Apr 11th 2021, 14:47 |
khalil |
Any way to do that in cake? |
# |
Apr 11th 2021, 14:47 |
khalil |
Hello everyone! I have a question that I can't find any answer to anywhere. Say I have a form on a page, and I have this page open. If I keep it open and inactive for an hour or so, and then I try to log in, I get blackholed. I'm guessing this is due to the CSRF expiry? If that's the case, any way I can refresh this token manually? I can have a JavaScript function that calls a refresh token URL and replace the old one on the page, this will prevent the blackhole thing |
# |
Apr 11th 2021, 14:08 |
kevin.pfeifer |
or you change to e.g. a JWT based authentication system |
# |
Apr 11th 2021, 14:07 |
kevin.pfeifer |
Well, if your GET requests don't have that cookie in there then that's the culprit |
# |
Apr 11th 2021, 14:05 |
noel |
hmm.. no, changing that setting didn’t affect it. |
# |
Apr 11th 2021, 14:04 |
noel |
I mean there is that – I’m using axios and that has a config setting for `withCredentials`. I enable it on some and disable it on other requests. I’ll play with that and see. tx |
# |
Apr 11th 2021, 14:03 |
kevin.pfeifer |
right :thinking_face: |
# |
Apr 11th 2021, 14:03 |
noel |
but then it shouldn’t work on any dev’s machines |
# |
Apr 11th 2021, 14:02 |
kevin.pfeifer |
could it be that you have to allow specific cookies in your frontend JS framework? |
# |
Apr 11th 2021, 14:01 |
noel |
Isn’t that cookie meant to be handled by the browser automagically though? It’s not something I’m used to being able to toggle. |
# |
Apr 11th 2021, 14:00 |
noel |
I can see that it is definitely not sending the PHPSESSID cookie on the GET request to check login, although it is receiving it on the login POST request when it logs in. |
# |
Apr 11th 2021, 13:57 |
noel |
I get the same problem across multiple browsers. |
# |
Apr 11th 2021, 13:57 |
noel |
probably but I can’t think of anything |
# |
Apr 11th 2021, 13:56 |
kevin.pfeifer |
Well, then it's probably neither the app's nor CakePHP's fault but rather the dev's machine/environment :) |
# |
Apr 11th 2021, 13:56 |
noel |
The app does though. It’s working on one dev’s machine from the App but not from another dev’s machine. |
# |
Apr 11th 2021, 13:53 |
kevin.pfeifer |
Per default (not in an API setting) there is a PHPSESSIONID Cookie set which is matched with the authenticated identity. So after you log in and you access some restricted page it checks if the given session token (from the Cookie) is currently authenticated. So if your app doesn't "save" the state but Postman does, I guess Postman keeps cookies and your app doesn't? |
# |
Apr 11th 2021, 13:51 |
noel |
I’m getting a scenario where I login successfully – get the success message from Auth plugin, but if I then send a request to see if I’m logged in it says “nope, you’re not logged in”… only happens in the app. From POSTMAN it works as expected. |
# |
Apr 11th 2021, 13:49 |
noel |
So how does Authentication track whether or not you are logged in? I mean what happens once it authenticates you? How does it know you are now authenticated for the session. Is there some sort of flag somewhere or what? |
# |
Apr 11th 2021, 13:47 |
kevin.pfeifer |
Don't know if it's exactly your problem but I guess at least related |
# |
Apr 11th 2021, 13:40 |
kevin.pfeifer |
I remember ndm talked about something similar there |
# |
Apr 11th 2021, 13:35 |
noel |
Is there another way to send a login request from POSTMAN that will trigger this route? Currently it’s only triggered by the `.json` suffix if sending from POSTMAN, otherwise from the app itself it doesn’t seem to require the `.json` suffix. |
# |
Apr 11th 2021, 13:34 |
noel |
In my routes I have this: ```$routes->setExtensions(['json']); $routes->post('/people/login', ['controller' => 'People', 'action' => 'login']);``` |
# |
Apr 11th 2021, 13:32 |
noel |
I guess it’s coming from Application.php ```$service->loadAuthenticator('Authentication.Form', [ 'fields' => $fields, 'loginUrl' => Router::url([ 'prefix' => 'Api', 'plugin' => null, 'controller' => 'People', 'action' => 'login', ]), ]);``` So the question is, how can I set it to also accept ‘.json’? This is necessary because otherwise I can’t test it from POSTMAN, as for it to recognise the route from POSTMAN it seems to need the `.json` suffix. |
# |
Apr 11th 2021, 13:28 |
slackebot |
somewhere or what? |