I have a question on a big problem that I need to solve.
I have a custom site, created with React.
This site need to integrate with magento 2 (with multisite installation).
I have created some API that call, via CURL, the Magento REST API
For example I need these API:
But, the first and main problem is:
I created a token via REST API via "/rest/V1/integration/customer/token" and all is ok.
But, If I go on the magento site the user is offline and I need again login over the site to show the personal page, for example.
My question is: it is possible, when I create a token via REST, make a auto-login action on the magento website? If yes what is the best solution to solve this problem?
I spent 3 days to find a solution but I not find anything.
Hi, I'm looking at this page for guidance page: http://devdocs.magento.com/guides/v2.2/get-started/authentication/gs-authentication-token.html
With the token you get back from Magento, how are you passed that on further requests? Which is the next REST request you make and how is it formatted?
You will need to make sure the token you get back is sent as an authorization header:
Authorization: Bearer <authentication token>
Thank you for your answer.
My next REST request after Token is customers/me and all works fine.
In all callback I include Authorization: Bearer with my token.
And from REST API I have data such as Firstname, Surname etc.
But after this If i go on my magento website the user is not logged.
In other word the REST API doesn't share the logged state with the site.
And it is the problem.
How make to shared the REST Token Authorization and logged state on site (I need this thing because I have an hybrid solution, login/logout and cart are in custom solution but order process and user details are on magento standard frontend)
That's not really how it works. Your token authenticates you/the customer for REST api calls, it does not validate and create a web session and cookie. You're going to need to log the customer in by passing their credentials to the regular login route as well within the browser so that they can get authenticated that route as well and allow Magento so authenticate the session and set the cookie.
We not have any solution to integrate this thing and create the cookie for web?
They are two separate authentication systems so you have no choice but to integrate them yourself and go through both of them.
Thanks Tom for your answer!
And using oAUTH autentication instead the REST Token resolve my problem?
It is a possible way?
It is very strange that this hybrid solution is not covered by Magento with some solution.
I've just been reading about the "session API". http://devdocs.magento.com/guides/v2.2/get-started/authentication/gs-authentication-session.html Have you tried doing it by customers logging in on frontend first and then making other REST requests afterwards on the client side?
"The session based authentication functionality is restricted to only allow for AJAX calls and not direct browser requests due to security vulnerabilities. A developer can create a custom storefront widget that can issue requests without additional authentication steps."
But Session API is the opposite solution that I need for my problem because with the Session API the customer before must perform a login at standard storefront and after is able to use API.
In my case, user will login with custom API via Token. And I would like my custom API create a Magento session automatically on the storefront.
With this session when I go on http://magento.site/customer/account/ the core prevent a new login page on magento storefront beacuse the user is already logged.
It's not practical to do it the other way around like you want because you have to have a browser-based session for that to work and you can't set that up by REST API alone. Whereas you can use the session API to also authenticate REST api requests if they're done within the browser because the session can be shared.