Welcome Guest, Not a member yet? Register   Sign In
CI4 as backend for React.js and authentication
#1

I am trying to learn React framework using Codeigniter as backend. Therefore I am trying to use Codeigniter as RESTful API source. But I also need authentication and user management for the project, as most functionality should only be accessible to logged-in users.
And I am stuck, since I cannot find any reasonably easy to use authentication library for my purposes. You know, something like ion_auth, but with API that would be pluggable to React frontend. Something with tokens instead of cookies perhaps...
I realize there is a lot to learn for me on this way, but any guidance or suggestions would be really appreciated.
==

Donatas G.
Reply
#2

Have you tried myth/auth OR codeigniter-shield ?
Reply
#3

I would go with what @sammyskills methioned above 2 very nice auth pakages.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#4

(01-31-2022, 04:57 AM)sammyskills Wrote: Have you tried myth/auth OR codeigniter-shield ?
Hi, did not notice these for some reason, though I see now they might be more up-to-date than ion_auth... Will look into those. Wonder if these are cookie-based (would be harder to implement in React, I guess) or token-based...

Donatas
==

Donatas G.
Reply
#5

Hi,

There is https://github.com/GeekLabsUK/SimpleAuth too...
Reply
#6

Myth/Auth uses the token and validator method Paragon Initiative.
Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#7

I am back to learning React with Codeigniter as REST API. I have revieved the Myth:Auth and Codeigniter Shield projects and I cannot see any REST API controllers (controllers that receive and send json strings instead of receiving regular POST or GET data in requests and returning html views.

So I am not quite sure how to go about using those libraries with React JS as frontend.

Am I missing something?
==

Donatas G.
Reply
#8

(This post was last modified: 03-29-2022, 02:24 AM by ignitedcms.)

I haven't used shield or myth:auth per se, but essentially I'm planning to work on something similar.

As React is considered a Single Page App, the way you perform authentication is quite different from your standard PHP app as everything needs to persist as you perform javascript client side routing.

If you store the JWT in session storage you can just use regular javascript to inspect the token and use that to validate the controllers I believe, it is something I plan to integrate into my own backlog at some point.

What I'd also recommend getting (when it is on sale) is picking up this course as it hand holds you through the entire process in React.

https://www.udemy.com/course/react-the-c...ncl-redux/

The only thing I would add to it, is you would want to use State management of sorts to make it easier to transfer login auth across your app, or the contextAPI.

Some of my favourite state management solutions for React are probably 'Recoil' and 'Zustand'

But if you have no concerns about Javascript framework popularity - 'Svelte' is the clear winner for me in terms of simplicity.

Last time I checked I don't think shield has a JWT auth although I didn't look at it for long. You most probably want to pull in a dependency. This tutorial looks decent enough, although I haven't fully interrogated it for security issues.

https://mfikri.com/en/blog/codeigniter-login-jwt

Also one more thing to add, as React out of the box doesn't have SEO, it would be sensible to get it working with something like 'nextjs' from the get go.

As you can see, the combination of all the above steps make it super difficult to maintain effectively.

My personal recommendation, is to forgo all the above and just use a PHP stack with a decent JS library (vuejs or petitevue or even alpinejs) pulled in from a CDN for the front end, as in the majority of cases you'll find the insanity of a full Javascript frontend isn't even warranted.
Practical guide to IgnitedCMS - Book coming soon, www.ignitedcms.com
Reply
#9

(This post was last modified: 03-29-2022, 07:13 AM by dgvirtual.)

(03-29-2022, 12:31 AM)ignitedcms Wrote: If you store the JWT in session storage you can just use regular javascript to inspect the token and use that to validate the controllers I believe, it is something I plan to integrate into my own backlog at some point.

...

What I'd also recommend getting (when it is on sale) is picking up this course as it hand holds you through the entire process in React.

https://www.udemy.com/course/react-the-c...ncl-redux/

...

Last time I checked I don't think shield has a JWT auth although I didn't look at it for long. You most probably want to pull in a dependency. This tutorial looks decent enough, although I haven't fully interrogated it for security issues.

https://mfikri.com/en/blog/codeigniter-login-jwt

Also one more thing to add, as React out of the box doesn't have SEO, it would be sensible to get it working with something like 'nextjs' from the get go.

As you can see, the combination of all the above steps make it super difficult to maintain effectively.

My personal recommendation, is to forgo all the above and just use a PHP stack with a decent JS library (vuejs or petitevue or even alpinejs) pulled in from a CDN for the front end, as in the majority of cases you'll find the insanity of a full Javascript frontend isn't even warranted.
I am fooking for some authentication / user management library that would be accessible through restful endpoints, as described in the CI docs: https://codeigniter.com/user_guide/incom...stful.html

The Udemy course your mentioned - I am actually enrolled in it already. For my project in particular, I am trying both to learn something new and to use what I can from what I have already mastered at the same time. In my case JWT authentication does not bring any advantages over the cookie authentication, but sadly it seems I cannot have it all: I will have to implement either the user/group management or the RESTful API for an existing package that has the user/group management... Which sounds overwhelming Sad
==

Donatas G.
Reply
#10

(This post was last modified: 03-29-2022, 02:52 AM by ignitedcms.)

This isn't easy by any stretch of the imagination, which is probably why I see a resurgence of the regular PHP stack for small to medium sized apps

JWT does have advantages over cookie based auth see here ->

https://stackoverflow.com/questions/5054...ie-for-spa

As I said, expect to be overwhelmed, this is the nature of Javascript front ends, unless you're building a JIRA clone, codeigniter with vuejs from a cdn is fine and dandy for my liking which is precisely why I dreamt up ignitedCMS, no dependencies, no composer, no abstract OOP data paradigms, everything you could need baked in one Smile
Practical guide to IgnitedCMS - Book coming soon, www.ignitedcms.com
Reply




Theme © iAndrew 2016 - Forum software by © MyBB