
I am in the midst of separating an application into 2 separate applications – PHP and MYSQL will handle the API / Server side of the app and I am using VueJs to handle the frontend portion. I have the 2 apps communicating and fetching and receiving data with no issues.

I am just failing to grasp a concept on how to have users sign in through the Vue side and having PHP fetch all the data from the logged in user - not even sure if Vue can handle this sort of functionality - Vue noob here.

A few things I am struggling to understand:

1) Keeping the data in the PHP side of things safe-guarded is a primary concern

2) Sending the login credentials across the 2 apps in a secure manner

Any ideas would greatly be appreciated...not looking for code per se, just ideas to unblock my brain a little bit.

Thank you,

Sergio

2 Answers


One common approach to this would be using JSON Web Tokens (JWT). You will find a PHP and JS library to use JWTs on the posted site.

The concept is like this:

  1. Client sends login credentials (Username / Password) to Server (Make sure to use HTTPS here)
  2. Server verifies the credentials, creates a JWT and sends it to the client
  3. Client stores the JWT and sends it with each API request
  4. Server checks if the JWT is valid

Since the JWT is signed by the server, changes to it will be detected and the JWT will not be valid anymore.

Here is a tutorial that uses JWTs with PHP


1 Comment

Thank you for the input... Did some research on JWT and this is what I was looking for.

My answer is very brief as this topic is very big and you didn't narrow down your questions.

First, if I'm doing my app with a Vue frontend and PHP server side, I will send an API POST from Vue with username and password to PHP. Once done, PHP will already know who logged in and will send back the user model, which I usually store in a Vue store like Vuex (this is optional). That would be the case if I'm doing a login from within the app, that means on the same server. And for security, my advice on this is to protect against CSRF and use API middlewares (which are functions that verify stuff before giving a response and are usually called on all requests or specified ones). You're probably gonna be using a PHP framework and it should make this easy for you with a generated token that gets sent in the API call header and verified by the server, and some other ways.

Now if I'm doing a login call from outside, I would use OAuth2 and will avoid sending credentials over an HTTP request and instead use a generated client token, and after verifying login on PHP I will send back an API token with a refresh token to keep the communication alive with the server. Now you're gonna have to use an API auth PHP library to achieve this, as there's so much behind what I mentioned. To understand how OAuth2 works refer to this link.

1 Comment

Your second method is what I am looking for... The apps will live in separate servers and need to communicate in a secure manner. This is the first app/s I am building that use 2 different servers, so this whole concept is totally new to me. Thank you for your feedback and suggestions.
