    Saving the AuthO token to my own database using API's

      NickBloodworth last edited by

      I have an app that uses APIs to retrieve something from a database. These APIs are protected by AuthO, and I’d like to be able to pass the AuthO token or email address of the user logged in back to my APIs, so I can log it against any records that they create.

      Has anyone done this, or are there any good tutorials?

        qyloxe @NickBloodworth last edited by qyloxe

        @NickBloodworth said in Saving the AuthO token to my own database using API's:

        …I’d like to be able to pass the AuthO token or email address of the user logged in back to my APIs, so I can log it against any records that they create.

        So, basically you just want to do a CSRF 🙂

        https://en.wikipedia.org/wiki/Cross-site_request_forgery

        I hope this first API is protected from such abuse.

        The way it should work is that your “API” should get credentials from the original API on behalf of the authorised user, not sneaked out of this user's browser session. The authorisation token (or something else) should be viewed and managed by the original API and easily revoked when suspicion of abuse arises (automatic or manual). Look at how it’s done on GitHub with external apps/plugins. It’s a good implementation.

          NickBloodworth last edited by

          No, all I want is to be able to post the currently logged-in user's email or token to my database, using my API.

            qyloxe @NickBloodworth last edited by qyloxe

            @NickBloodworth said in Saving the AuthO token to my own database using API's:

            No, all I want is to be able to post the currently logged-in user's email or token to my database, using my API.

            Well, I don’t have the means to verify any of that, or if this original API allows this in its TOS, or even if it is legal in your assumed jurisdiction.

            Honestly, I’m not comfortable discussing such techniques - those are methods used to hack sites and steal user credentials.

            This question has nothing to do with Quasar; I would argue that it does not belong here (@s-molinari). Maybe try this on Stack Overflow and see what they can say to you?

              s.molinari last edited by

              First off, tokens are there to avoid a database; they should be stateless. If, however, you want to store a session, then you need a session system (with or without tokens).

              So, I believe any tutorial on how to work with tokens (assuming we are talking about JWTs) will help you understand what is necessary both from the app/client side and the server side.

              Scott
