I apologize if this question has been answered. I was unable to find anything by searching.
I’m new to Wappler. I have an existing in-house authentication service (user/pswd, permissions) that I’d like to use with Wappler - i.e. when I fill out the Wappler login form I’d like our in-house authentication service to be called.
Should I just define and call the API? Is there a way to integrate into the Security Provider architecture?
Am I even asking the right question?
You are asking the right question, but we need more information.
How is your auth service layered? What is the tech stack behind it? How do your other systems interact with it? Are you using standards?
Hi Jon - thanks for the quick response. Our auth service supports a REST API:
POST url/api/session
with a JSON payload that contains user / pswd
The call returns a session key
All subsequent calls to our service require the session key.
Will a user need to constantly call the API?
The session key is inserted into the ‘Authorization’ header value on subsequent API calls.
An internal server timer will expire the session key if there has been no activity where activity is defined as API calls to the server or a heartbeat as a minimal interaction.
So I can’t see why you wouldn’t be able to use the external auth system, however you won’t be able to plug into Security Provider via your auth API. Security Provider is really meant to be used directly against a supported database.
So I guess your only option is to make calls to your API to retrieve the session and do checks for it when accesing your backend on Wappler. For the permission system I don’t know if that info is sent back through the API or if you have to perform an API call before every wappler api backend access.
Thanks Jon