Cookie authentication when reguistering users through REST API

levente.nas

10/31/23, 11:13 PM

I am running Drupal 9 commerce 2.0 as headless CMS, and I am trying to integrate the user registration/user login part of my frontend application. I was able to use the user/register REST API to create users. The default (only option without other modules) authentication was cookie authentication. What I am trying to understand is how the cookie authentication works. When running curl -d @data.json http://example.com/user/register?_format=hal_json --header "Content-Type:application/hal+json" for example, everything works perfectly fine, and the user is created. But don't I need to add a Set-Cookie header for this to work since the REST API has cookie authentication checked? How does this cookie authentication work?

248

1 + 5

commerce

authentication-authorization

cilefen

10/31/23, 11:32 PM

This site is set up to answer one question at a time.

levente.nas

11/1/23, 1:13 PM

Thanks, edited.

Kevin

11/1/23, 1:29 PM

The cookie header should be in the response, correct? Is this just registering, or are you authenticating that new user somewhere?

cilefen

11/1/23, 1:32 PM

Set-Cookie is a response header not a request header.

Kevin

11/1/23, 1:44 PM

Right, the client would then have it. With Curl, there is additional handling needed - see https://www.drupal.org/node/1795770

Score:2

Drupal

Lambic

11/1/23, 3:09 PM

When you perform a login using the login endpoint you'll get a cookie back (as well as a CSRF token) which you can then use for subsequent requests instead of doing a fresh login every time.

So with curl something like this:

curl --header "Content-type: application/json" 
  --request POST \
  -s -c cookie.txt \
  --data-binary '{"name": "user1", "pass": "pass1"}' \
  https://.../user/login

Would get you back a cookie in cookie.txt and the json response will contain your CSRF token.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Cookie authentication when reguistering users through REST API

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.