Any other built-in option for user authentication in DW?

Torben Bak Jensen

Hi
We are currently trying to set up a frontend application (Nuxt.js), which should communicate with an API set up in a Dynamicweb. The main reason for the API to be set up in DW is so we can utilize the user management and handle authentication through DW. What we currently have is an endpoint for logging in the user, which uses the LogOn-method in the LogOnHandler-class. This is working fine when in the context of a tool like Insomnia or Postman, but as soon as the call is made in a browser, we run into the issue with the SameSite cookies, since the response is trying to set cookies. We're not particularly fond of using the cookies across the two solutions, since most browsers are shifting away from cookies in general, and because we see a lot of potential issues with handling the user state this way.

So, our question is basically: is there any other built-in option for user authentication in DW now or maybe planned, which could be used to authenticate, without the need of setting cookies in the response? Is it possible to do something like this out of the box, or would we have to set up a custom service to handle the auth state and supply it to the frontend application through a JSON response, for example?

Best,
Torben

 


Replies

 
Kevin Steffer

following...

 
Martin Vang

Hi guys,

Funny you should ask. We're currently working on implementing a JWT-based authorization for our webapi. This means you can "login" and get a response token that you can use to get user-specific content in future requests.

https://www.nuget.org/packages/Dynamicweb.Ecommerce.WebAPI/

Latest version should have some initial (working) version of this - it's only planned for 9.12, though, so I haven't tested things on a released version. To use, you have to navigate to dwapi/users/authenticate and get a token back. If you then pass that token along as a bearer token, you should get content back, as if you are this person.

The token ofc has a limited timespan (30 min for now) and can be used to get a new token (/users/refresh and provide the old token). The token should work for all endpoints that can be seen under /dwapi/docs.

It might be worth it to experiment a bit and let me know what you think of this early peek into the changes to user-specific content for DW 9.12?

BR

Martin
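
The token flow described in the post above, as an added example that is not part of the thread and is not Dynamicweb's own code: a client-side session that logs in, keeps the token in memory only, sends it as a bearer token with cookies disabled, and refreshes shortly before the 30-minute lifetime runs out. The HTTP method, the JSON field names, the `/dwapi` prefix on the refresh path, the way the old token is passed to refresh, and the names `createSession` and `transport` are assumptions.

```javascript
// Added example. Assumptions, not from the thread: POST with a JSON body, the
// field names username/password/token, the /dwapi prefix on the refresh path,
// and sending the old token to refresh as a bearer header.
const TOKEN_LIFETIME_MS = 30 * 60 * 1000; // "30 min for now", per the post
const REFRESH_MARGIN_MS = 60 * 1000; // refresh one minute before expiry

function createSession(baseUrl, transport = fetch, now = Date.now) {
  let token = null; // held in memory only: no cookie, no localStorage
  let issuedAt = 0;
  let refreshing = null; // one in-flight refresh shared by concurrent callers

  async function post(path, body, headers = {}) {
    const res = await transport(baseUrl + path, {
      method: "POST",
      credentials: "omit", // browser neither sends nor stores cookies here
      headers: { "Content-Type": "application/json", ...headers },
      body: JSON.stringify(body),
    });
    if (!res.ok) throw new Error(`${path} failed with HTTP ${res.status}`);
    return res.json();
  }
  function store(data) {
    if (!data || typeof data.token !== "string") throw new Error("no token in response");
    token = data.token;
    issuedAt = now();
  }
  async function login(username, password) {
    store(await post("/dwapi/users/authenticate", { username, password }));
  }
  async function freshToken() {
    if (!token) throw new Error("not logged in");
    const age = now() - issuedAt;
    if (age >= TOKEN_LIFETIME_MS) { token = null; throw new Error("token expired"); }
    if (age >= TOKEN_LIFETIME_MS - REFRESH_MARGIN_MS && !refreshing) {
      refreshing = post("/dwapi/users/refresh", {}, { Authorization: `Bearer ${token}` })
        .then(store).finally(() => { refreshing = null; });
    }
    if (refreshing) await refreshing;
    return token;
  }
  async function request(path, init = {}) {
    const bearer = await freshToken();
    return transport(baseUrl + path, {
      ...init, credentials: "omit",
      headers: { ...init.headers, Authorization: `Bearer ${bearer}` },
    });
  }
  return { login, request, logout: () => { token = null; } };
}
```

Because the token never touches a cookie, the SameSite restriction from the original question does not apply to these calls; the API still has to allow the frontend's origin through CORS.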

 
Nuno Aguiar Dynamicweb Employee

Looking forward to seeing this Martin.

 
Anders Ebdrup

SWEEEET!

 
Torben Bak Jensen

Sounds awesome! Looking forward to it. Thx

 
