I am currently working on an dynamic/filterable list via VueJS, that accesses my OJS’ REST API. The whole thing works so far, but i am having issues with the authentication.
I tried a kind of lackluster solution by creating a “dedicated API User” and then using that users API key inside the code (not really viable, i know) - but that solution only works as long, as the current user is not registered/logged in.
So my question would be, if there’s a way to either give every guest user read access to the REST API or if there’s a JS way to check, if the current user is logged in (already tried via cookie, but could not work it out).
I am probably doing in wrong, but maybe someone can give me an hint.
Is this going to run through your browser in production (e.g. as a browser extension or something), or will it run from another server-side tool (e.g. a NodeJS app)? If the latter, then your question is more about your development environment than a production concern, I think. You might use a secondary browser (or another profile) to look at the API results during development so that a logged-in user session doesn’t interfere.
Regards,
Alec Smecher
Public Knowledge Project Team
thanks for the quick reply. It is running through the (user’s) browser - so it is more of an UI/theme component. That’s why my APIKey solution is kinda bad and i am kind of stuck .
Hmm, I see. The results the API gives you using a user account’s API key (and no session cookie) should be the same as you see when logged in as that user (with a session cookie and no API key) – are you seeing something different?
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmecher,
I probably voiced my problem a bit poorly.
So my Vue Component pulls all issues dynamically filtered by year via the API. This is supposed to work for registered/logged-in users as well as guests without any account. But as guests do not have read access to the API (i get a 404 at least), i actually do now know how to do this.
As mentioned in my first post, i tried the following: Create a dedicated “APIUser” Account and use the “APIUser” key to provide API access to guests. This solution works only for Guests tho, because as soon as a real “UserXYZ” is logged in, the query (still provided with APIUser key) will a return a 404 as well.