So this is a general question that I have with regard to RESTful API architecture.
I'm using Laravel.
I want all users of my website to be able to login/signup to the website (not the API, I'm not trying to authenticate the origin) through an API. Illustration below:
Client --> Web server --> API server
So normal design is that your php login/logout/signup scripts are on your web server and when a user tries to login, the script goes to the DB to validate, and then you set a session on the web server and pass a cookie to the client if they are validated. Now the web server has a reference to that cookie and anytime the same client comes back the web server recognises them. Same way if they logout, the cookie reference on the web server is destroyed.
Now in my illustration, the API server will see the web server as a client if the login/logout/signup scripts are on it. So the API server will create a session and pass the cookie to the web server. The web server tells the client they have been validated but will not pass the cookie to it.
So user is client to web server but web server is client to API server.
- Is my understanding correct?
- Can this architecture be done?
via Chebli Mohamed
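A minimal in-memory model of the Client --> Web server --> API server flow asked about above, added here as an illustration and not part of the original question. It assumes the web server issues its own session cookie to the browser and keeps the API server's token server-side; all class and method names are hypothetical, and dictionaries stand in for the database and the HTTP calls.

```python
import hashlib, hmac, secrets
# Hypothetical names; dicts stand in for the database and the HTTP calls.

class ApiServer:  # back end: checks credentials, issues tokens to its client (the web server)
    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._tokens = {}   # API token -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def signup(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        salt, stored = self._users.get(username, (b"", b""))
        if not stored or not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = username
        return token

    def logout(self, token):
        self._tokens.pop(token, None)

    def whoami(self, token):
        return self._tokens.get(token)

class WebServer:  # front end: the browser only ever sees this server's own session id
    def __init__(self, api):
        self._api = api
        self._sessions = {}  # browser session id -> API token (kept server-side)

    def login(self, username, password):
        token = self._api.login(username, password)
        if token is None:
            return None
        sid = secrets.token_urlsafe(32)   # value the web server would send in Set-Cookie
        self._sessions[sid] = token
        return sid

    def current_user(self, sid):
        token = self._sessions.get(sid)
        return self._api.whoami(token) if token else None

    def logout(self, sid):
        # Destroy the browser session and revoke the API token behind it.
        self._api.logout(self._sessions.pop(sid, None))
```

The browser's cookie and the API token are separate random values, so a cookie captured from the browser cannot be replayed against the API server directly.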