How to deal with jsonapi auth / token

[pwFoo]

I try to integrate Flarum forum with PW via JSONAPI. First tests are fine (register user, create discussions, get data, ...).

To get a valide token I send the username and password as a api call. If auth was successful I'll get the uid and a token back. This token have to be renewed after 30 minutes.

To get the token I need username and (plain!) password. So how should I save the user credentials / handle the users? 

1. Just additional fields in the user profile
2. username, password, token and uid as array (serialized + base64 encoded)
3. Sync PW users with the remote app (hook PW auth and send a auth request via API call -> token returned = login OK)

1 and 2 would be flexible, but user credentials are saved as plain text!

3 is a secure solution (no plain credentials needed), but PW have to use a remote user backend / auth and maybe some things could be less flexible...

Do you see any problems with that solution? Could it break features / modules?

[pwFoo]

I'll use user backend plugins.

Default is PW users (add fields to save flarum credentials). Additional planned plugin is Flarum user backend (hook PW login and check via Flarum API call).

First tests are fine. Syntax at the moment:

Create a discussion

// create a WireArray item, type "discussions" (= api endpoint)
$res = $flarum->makeBlankItem('discussions');

$res->title = "My discussion...";
$res->content = "My demo content";

// new discussion will be created by a api call
$res->save()

Get discussions, filter a object by PW api and update it...

// get discussions with pager (jsonapi filter is used)
$wireArray = $flarum->discussions->get(array('filter' => 'page[size]=3'));

// just use the PW api...
$discussion = $wireArray->get('title=MyTitle');

// modifiy the object
$discussion->title = "New title...";

// save to Flarum...
$discussion->save();

Delete a user

// delete a user by known id...
$flarum->users->delete($id);

// get users...
$flarumUsers = $flarum->users->get();  // all users

// get one user by ID | username
$flarumUser = $flarum->users->get(array('id' => $userId); // by userId
$flarumUser = $flarum->users->get(array('id' => 'MyUsername'); // by username

// delete a user object
$flarumUser->delete();

[MadeMyDay]

Hi @pwFoo, have you ever finished/published your module?

Thx!

[pwFoo]

Hi @MadeMyDay,

I haven't finished the module because of some problems with api auth / token  of the used flarum version. 

On 4.1.2016 at 10:31 PM, pwFoo said:

To get a valide token I send the username and password as a api call. If auth was successful I'll get the uid and a token back. This token have to be renewed after 30 minutes.

To get the token I need username and (plain!) password.

Maybe it's easier with a current flarum version, but I haven't looked into it for a long time...

[MadeMyDay]

thx pwFoo