How to provide token authentication to decoupled frontend

Created on 9 July 2018, almost 6 years ago

Updated 10 April 2024, 3 months ago

Love the project here. My question is regarding Drupal 8 as a backend only, for a separate frontend (Vue.js in this case).

Our site is not a "single page app" or anonymous-only (obviously.. since we offer social authentication).

We are using simple_oauth 8.x-3.x to provide the access tokens per-user for the frontend to authenticate, which works well, except with social_auth; since those users are being auto-authenticated to the Drupal backend (cookie/session only), and I'm unable to request a password grant token since we don't know the user's password. I've tried manually creating simple_oauth access_token entities assigned to a user, but they don't validate.

Have you run into this issue? Do you know of a solution? I don't feel like it's an edge case, the only requirements to encounter this difficulty is a decoupled site with social authentication. If this requires work, and you know how this could be done, let me know and I will get on it immediately.

Excited to hear ideas! Thanks again for all the great work here.

💬 Support request

Status

Closed: outdated

Version

2.0

Component

Code

Created by

🇺🇸United States jwjoshuawalker San Diego

Live updates comments and jobs are added and updated live.

API-First Initiative

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 3 months ago →
druplic
I don't understand how to get Google Access Token, it seems nearly impossible to do that (because client secret can't be stored on Android app). Do you talk about Google ID Tokens? If so, social_auth_decoupled doesn't work with it. I don't understand which purpose of this module social_auth_decoupled, if it doesn't work with Google ID Tokens? Do you know?
Comment 3 months ago →
🇨🇳China lawxen
@druplic social_auth_decoupled → is a base module of social_auth_google_api →
But social_auth_google_api → hasn't be maintained for a long time, Not sure if it works with newest social_auth → .
Comment 3 months ago →
druplic
@lawxen Yes, you're right. I used social_auth_decoupled + social_auth_google_api.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024