Devdocs: It would be nice to see an example of session auth.

Created on 13 Jan 2018  路  6Comments  路  Source: magento/devdocs

Feedback on page: /guides/v2.1/get-started/authentication/gs-authentication-session.html

I'm using

fetch('/rest/V1/orders',{
  method: 'GET',
  credentials: 'same-origin',
  headers: new Headers({
    'Content-Type': 'application/json'
  }),
  referer: window.location.href
});

I'm getting a 401, even when logged in as admin (that has every permission). As yet I've not been able to find any example of browser-session auth working with vanilla API. If it's the case these should not work, perhaps more documentation on what should and should not work would be appropriate.

I have verified cookies are being forwarded with the request (it's same-domain)

Most helpful comment

馃憤

I've been digging all day into this and it sure looks like session based authentication doesn't work at all at the moment.

https://github.com/magento/magento2/issues/9138
https://github.com/magento/magento2/issues/10258
https://github.com/magento/magento2/issues/14297

If the docs would state that session based authentication is a WIP then perhaps people wouldn't waste time on it like I did. :)

All 6 comments

馃憤

I've been digging all day into this and it sure looks like session based authentication doesn't work at all at the moment.

https://github.com/magento/magento2/issues/9138
https://github.com/magento/magento2/issues/10258
https://github.com/magento/magento2/issues/14297

If the docs would state that session based authentication is a WIP then perhaps people wouldn't waste time on it like I did. :)

I agree docs should state it's a WIP (Work In Progress).

Is it just a middleware needing to be implemented? I don't understand what is missing, and I think that is how a lot of people feel about the whole of Magento 2.

I first evaluated it against a range of tech in late 2015. It's coming up three years later, and my advice to people is still to go get something that works, and doesn't require them to play with servers, all the many options, like a BigCommerce or Shopify. If they need something custom, Magento doesn't get a look in on WooCommerce, purely because of things like this, and the fact it's more expensive to work with (which is probably also relating to issues like this)...

  • Clear docs
  • Don't write about functionality until it exists
  • Have tests so that things work, and are tested without humans

This is sad because I know the approach taken with Magento is likely more mature (even if it's failing to hit the mark).

I got handed Magento 2.0.1 by my employer and have been seeing a steady improvement of processes by Magento since then. A lot of frustration with complicated bugs, yes, but all in all a very well engineered product.

To keep it on topic what could be added is a "Known issues" subtopic in the documentation.

@paliarush Alex, do you know if this is still a known issue? Please confirm.

We are closing this ticket because there has been no response to our request. If you think this issue needs further review, reopen it.
Thank you for your continued collaboration and assistance!

Was this page helpful?
0 / 5 - 0 ratings