4

We're trying to use Craft as a CMS for a mobile app and to accomplish this we need to convert entries to JSON. We use the Element API plugin for this and it works like a charm.

The problem is that we don't want certain content to be visible to everyone, so we want to require the users to log in. Is it possible for a user to log in via the mobile app, then get some kind of sessionToken which is stored in the database and then every time the user send a request to the API it sends the token along with it to make sure the user of the mobile app is authenticated (like the token in the craft_sessions table)? If so how can this be accomplished?

Should this require us to write our own plugin with a custom authentication system or is it possible to get this working with the user logic provided by Craft?

Brad Bell
  • 67,440
  • 6
  • 73
  • 143
Joris
  • 130
  • 5
  • How did you go about doing this ? I'm in the same situation, was thinking of loginOut the user when the app goes to stand by and then automatically log back in again when the user continues . But is it possible to logout a user by email or id ? or only by session ? if its only possible by session how do I keep that sessionReference on the app side ? Would like to be able to just loggedout the user by email or id. Anyone knows if this is possible ? – bomanden Jun 12 '16 at 15:27

1 Answers1

3

You're basically looking for authentication/authorization for the Element API plugin, which it currently doesn't support.

Should this require us to write our own plugin with a custom authentication system or is it possible to get this working with the user logic provided by Craft?

I'd probably approach this by forking the Element API plugin and adding authentication/authorization to it instead of adding it to a separate plugin and getting them to interact.

You'd need some way to authenticate the user and once they are authenticated you could authorize future requests either based on a custom token or using authorization headers and each could have their own expiration logic.

Brad Bell
  • 67,440
  • 6
  • 73
  • 143