
Building a scalable web app for login/register api in php without using any third-party frameworks or libraries


sagnik


Hi, I want to build a scalable web app for a login/register API in PHP without using any third-party frameworks or libraries. The API URLs for the app will be as follows:

Signup URL: /user/signup

Signin URL: /user/signin

Profile URL: /user/profile

Update profile URL: /user/profile/update

 

After login/register, the app should generate and return the access token, which is required to access the profile. How can I do it?


The most secure answer is...you don't. This is one of those things you really should never write yourself, if only for security reasons.

 

The way I would implement this is to get a working login system for one application (your main one), then make that login system compatible with industry standards for extensible login systems. The most common standard for single sign on these days is SAML, which lets you cleanly separate the "identity provider" (the login system and user account database) and the "service provider" (the applications that use those accounts). One identity provider can provide user information for multiple applications, so you can just build the identity provider once, and as you make your apps going forward, your users with an account on one app will already have an account that works across all of them.

 

There are several PHP libraries for implementing this (PhpSimpleSaml is probably one of the more well known ones), and it's way too complex to really implement securely without using a library. I failed to follow my own advice back in 2014 when I built my SSO system, and have recently been in the process of ripping it out and replacing it with something more standard...

 

As for URLs, forget about what the URLs look like when developing it, you can always use an .htaccess file later to make them whatever you want.


I understood what you've said. But this task has been assigned to me by an IT company with whom I interviewed for "Full-stack Web Developer" in the first round, a telephone interview. Now the HR Manager wants me to develop the app for my 2nd round of interview. They have allowed me to use any third-party libraries. But I'm not comfortable with any third-party libraries, which is why I asked about doing it without any framework or libraries.
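
An added example, not part of any post in this thread: the access-token flow asked about in the question, using only PHP built-ins (`password_hash`, `password_verify`, `random_bytes`, `hash`). The in-memory arrays, the function names `signup`, `signin` and `authenticate`, the 12-character minimum and the one-hour lifetime are assumptions standing in for database tables, the `/user/signup`, `/user/signin` and `/user/profile` handlers, and a real policy.

```php
<?php
declare(strict_types=1);
// Constructed in-memory stores standing in for database tables (assumption).
$users  = [];   // email => password hash
$tokens = [];   // sha256(token) => ['email' => ..., 'expires' => unix time]

// Handler logic for /user/signup (hypothetical function name).
function signup(array &$users, string $email, string $password): bool
{
    // The 12-character minimum is an assumed policy, not taken from the thread.
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strlen($password) < 12 || isset($users[$email])) {
        return false;
    }
    // password_hash() generates a salt and uses the current default algorithm.
    $users[$email] = password_hash($password, PASSWORD_DEFAULT);
    return true;
}

// Handler logic for /user/signin: returns a fresh token, or null on failure.
function signin(array $users, array &$tokens, string $email, string $password, int $ttl = 3600): ?string
{
    // Unknown users are checked against a dummy hash so that response time
    // does not reveal which accounts exist.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    if (!password_verify($password, $users[$email] ?? $dummy) || !isset($users[$email])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    // Store only a hash of the token, so a leaked table cannot be replayed.
    $tokens[hash('sha256', $token)] = ['email' => $email, 'expires' => time() + $ttl];
    return $token;
}

// Gate for /user/profile and /user/profile/update: maps a header to a user.
function authenticate(array &$tokens, string $authorizationHeader): ?string
{
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $authorizationHeader, $m)) {
        return null;                       // malformed or missing token
    }
    $key = hash('sha256', $m[1]);
    if (!isset($tokens[$key])) { return null; }
    if ($tokens[$key]['expires'] < time()) { unset($tokens[$key]); return null; }
    return $tokens[$key]['email'];
}

// Constructed sample run: one valid token, one unknown token.
signup($users, 'alice@example.com', 'correct horse battery staple');
$token = signin($users, $tokens, 'alice@example.com', 'correct horse battery staple');
var_dump(authenticate($tokens, "Bearer $token"), authenticate($tokens, 'Bearer ' . str_repeat('0', 64)));
```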
