authentication
This document describes how to implement an authentication system in your frontend application.
#
Setupnote
First be sure to have setup correctly the following two variables in your .env
file:
#
Comunication with the APIAll the communication with the remote API is standardised inside Laravel Frontend, check the Auth docs for all the specifications.
#
Authenticated requestsThe frontend use the token
saved in session at login and always send it along every subsequent request in a standard request's header
:
It does it without notion about the backend requires it or not, it is responsibility of the backend to check protected endpoints (usually routes
endpoints) and in case of invalid token return to the frontend a 401
HTTP status code.
In case of a 401
the frontend will:
- store the requested url
- logout the user
- redirect the user to the login route
- Eventually track the 401 event
- manage the redirection to the prior stored url after successful login
In your frontend application you should anyway protect your routes with the auth
Middleware, be sure to check out its docs here.
#
Frontend configurationYou can tweak the authentication system configuration from your /config/laravel-frontend.php
, under the auth
key, you can see the updated list of defaults directly from the source code here.
routesMap
#
Defines the route id (the value
) to use for each authentication feature (the key
).
actionEndpoints
#
Defines the Auth API action endpoints (the value
) to use for each authentication feature (the key
), in other words where each frontend auth action should make a POST
to the AUth API {AUTH_API_URL}/{actionEndpoint}
.
formsEndpoints
#
Defines the Auth API form construction endpoints (the value
) to use for each authentication feature (the key
), in other words where the frontend gathers the form data for each auth feature {AUTH_API_URL}/forms/{locale}/{formEndpoint}
.
#
ExamplesA typical customisation might be for instance a project where the register
route is actually called signup
, in that case you might just want to override that in your config file with:
#
Authentication componentsAll the authentication related forms are already provided by the @acanto/core-auth
components.
#
TranslationsMost of the translations happen on the form builder in fillform.io. Some default status messages and system forms fields are instead defined as strings. You can find in the source code of the standard laravel template the updated list of string required strings for a complete authentication flow, they are all prefixed with auth.
.