Authenticating and Integrating with another API
Hello,
I am looking for some top-level guidance, so hopefully someone here can help me.
Background:
I am building a Discord.JS bot and I have a Laravel (PHP) full stack app that authenticates users through their browser using Discord API OAuth2.
For the normal web route based authentication, as expected, when a user is redirected back from the OAuth2 login page after a successful Discord login, I log them in to the Laravel API and create a session for that user so they can make subsequent requests without having to log in again.
Where I am at now:
Now I want a mechanism that allows my Discord bot to make requests to my Laravel API on behalf of the user, so the users on a Discord server can fire commands that fetch data from the API without having to log in again, because they are already logged into Discord and the bot has access to the user.
Because all of my controllers use the authenticated user, and in particular the user's id, I don't want to have to recreate routes or controllers just for the bot (if I can avoid it).
Question:
What design approach should I take to authenticate users with my API who fire commands through the Discord bot?
My current plan:
Do I use a token in the header of the request that I use to authenticate the bot first, then log the user into a session by hitting a new route (that is available only to the bot) and pass the user's id in the request?
My thoughts:
I don't want to make unnecessary requests, so performance is important.
I don't want to have any issues around security and some 3rd party being able to get access to user information or make requests on behalf of the bot.
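
A variation on the plan in the post, as an added example that is not part of the original post: rather than a static token plus a separate bot-only login route, the bot signs each request with HMAC-SHA256 over the method, path, Discord user id and a timestamp, so the API can resolve the user on the same request and reject a forged id or a replayed call. The header names, secret and paths are hypothetical, and the API-side check is shown in JavaScript only so the pair runs together; in the setup described it would live in Laravel middleware.

```javascript
const crypto = require('crypto');

// Assumption: one secret shared by the bot and the API (constructed value;
// load it from the environment in a real deployment).
const BOT_SECRET = 'constructed-demo-secret';
const MAX_SKEW_SECONDS = 60; // how old a signed request may be

// Canonical string both sides sign: method, path, Discord user id, timestamp.
function canonical(method, path, discordUserId, timestamp) {
  return [method.toUpperCase(), path, discordUserId, timestamp].join('\n');
}

function hmac(secret, message) {
  return crypto.createHmac('sha256', secret).update(message).digest('hex');
}

// Bot side: headers for a request made on behalf of a Discord user.
function signBotRequest(method, path, discordUserId, now = Date.now()) {
  const timestamp = String(Math.floor(now / 1000));
  return {
    'X-Discord-User-Id': discordUserId, // hypothetical header names
    'X-Bot-Timestamp': timestamp,
    'X-Bot-Signature': hmac(BOT_SECRET, canonical(method, path, discordUserId, timestamp)),
  };
}

// API side: returns the Discord user id to act as, or null if the request
// is malformed, stale, or not signed with the bot's secret.
function verifyBotRequest(method, path, headers, now = Date.now()) {
  const userId = headers['X-Discord-User-Id'];
  const timestamp = headers['X-Bot-Timestamp'];
  const signature = headers['X-Bot-Signature'];
  // Discord user ids are numeric snowflakes; reject anything else early.
  if (!/^\d{17,20}$/.test(userId || '')) return null;
  if (!/^\d+$/.test(timestamp || '')) return null;
  const age = Math.abs(Math.floor(now / 1000) - Number(timestamp));
  if (age > MAX_SKEW_SECONDS) return null;
  const expected = Buffer.from(hmac(BOT_SECRET, canonical(method, path, userId, timestamp)), 'hex');
  const given = Buffer.from(String(signature || ''), 'hex');
  if (given.length !== expected.length) return null;
  // Constant-time comparison avoids leaking how many bytes matched.
  return crypto.timingSafeEqual(given, expected) ? userId : null;
}
```

The returned id can be mapped to the existing user record for that request only, so the controllers keep using the authenticated user without an extra login round trip.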