Is it good way to use Auth::user(); in REST APIs to get the current authorized user details?

astroanu

replied 8 years ago

i don't see why you should not.

0

extjac

replied 8 years ago

what type of session are you using?

0

harikrishnan

replied 8 years ago

Not using any kind of session.Using user token authentication.Its working as follows.

For each login a hash formatted token will be generated and saved in the database along with user id.And sending these to Mobile User.

2.Mobile User will send the user id and the user token along with every Server API call.

3.Server API will verify the user id & token with the values saved in the Database .If it matches it will continue with other functionalities.Else it will return invalid authentication.

In this scenario is it possible to use Auth::user()?

0

astroanu

replied 8 years ago

Solution

in that scenario, nope.

You can do something like this:

class ApiBaseController
{
    public $user;

    public function __construct()
    {
        $this->user = $this->authenticateUser();
    }

    private function authenticateUser()
    {
        // return authenticated user
        // if authentication failed abort(403)
    }
}


class DoSomethingApiController extends ApiBaseController
{
    public function listThings()
    {
        return Things::getThingsByUser($this->user);
    }
}

Last updated 8 years ago.

0

Moderators