Magento 2 – Customer Session for Logged In Customer with Token-Based Authentication

apicustomermagento2restsession

We are using token based authentication over rest api from that resource

/rest/V1/integration/customer/token?username=USER_NAME&password=P@$$WORD

to consume magento rest api web services.

We get tokens and return customer details successfully form that resource

/rest/V1/customers/me

I need to get the customer ID from his session but I can not because user always considered not logged in, despite working fine for web scenario below is the code snippet I use.

   public function __construct(\Magento\Customer\Model\Session $session){

    parent::__construct($context);
    $this->customerSession = $session;
}

I am facing that problem inside my custom offline payment method defined in custom extension, I need to know the customer ID in order to determine if the customer can use that payment method or not.

Even if I tried to use the checkoutSession, still can not get the customerId.

$om = \Magento\Framework\App\ObjectManager::getInstance();
    $checkoutSession = $om->get('\Magento\Checkout\Model\Session');
    exit(var_dump($checkoutSession->getQuote()->getCustomer()->getId())); //return NULL

The custom extension works fine when viewing the store from the browser.

Can you please help me what is wrong here?

Thanks in advance

Best Answer

Try Below Code To get a customer id

<?php
    $obm = \Magento\Framework\App\ObjectManager::getInstance();
    $context = $obm->get('Magento\Framework\App\Http\Context');

    $isLoggedIn = $context->getValue(\Magento\Customer\Model\Context::CONTEXT_AUTH);
    if($isLoggedIn){ 
      $om = \Magento\Framework\App\ObjectManager::getInstance();
      $customerSession = $om->create('Magento\Customer\Model\Session');
         //get a customer id       
      $customerId = $customerSession->getCustomer()->getId();

      }
?>

Related Solutions

Magento 2 API – Get Token Authentication for Customer Logged with Facebook & Twitter

What I understand from you question is, You have only email (and obviously some network specific secret key to validate i.e facebook key).

So You just need to load the customer by email id as below.

protected function getCustomerToken($emailId){
 /**
* @var \Magento\Customer\Model\Customer $customer */
*/
$customer->loadByEmail($emailId);
if($customer->getId()){
        /**
        * @var \Magento\Integration\Model\Oauth\TokenFactory $tokenModelFactory 
        */
        $customerToken = $this->tokenModelFactory->create();
        $tokenKey = $customerToken->createCustomerToken($customerId)->getToken();
        return $tokenKey;
}
return "YOU MSG FOR CUSTOMER NOT FOUND";
}

The above code should return the token key without password.

Note: Make sure you are doing proper & strong validating before generating the token & rest is already explained in Franck's answer .

Magento – How to consume the REST API in Magento 2, using AJAX with session-based authentication

Yes. you can use Magento 2 API this way but you need to create a php page (say php page name is apicall.php) and make ajax call to that custom page instead Magento directly. On the the custom.php page you need to call Magento API.

apicall.Php

<?php
// REPLACE WITH YOUR ACTUAL DATA OBTAINED WHILE CREATING NEW INTEGRATION
define("CONSUMERKEY", "XXXXXXXXXXXXXXX");
define("CONSUMERSECRET", "XXXXXXXXXXXXXXX");
define("ACCESSTOKEN", "XXXXXXXXXXXXXXX");
define("ACCESSTOKENSECRET", "XXXXXXXXXXXXXXX");         


function sign($method, $url, $data, $consumerSecret, $tokenSecret)
{
    $url = urlEncodeAsZend($url);

    $data = urlEncodeAsZend(http_build_query($data, '', '&'));
    $data = implode('&', [$method, $url, $data]);

    $secret = implode('&', [$consumerSecret, $tokenSecret]);

    return base64_encode(hash_hmac('sha1', $data, $secret, true));
}

function urlEncodeAsZend($value)
{
    $encoded = rawurlencode($value);
    $encoded = str_replace('%7E', '~', $encoded);
    return $encoded;
}


$actionName = $_REQUEST['action']; 

switch($actionName){
     case 'getcustomer':
      echo getCustomById();
      break;
}      

function getCustomById()
{

$customerId =  $_REQUEST['custid'];
$result =  null;
$method = 'GET';
$url = 'YOUR-MAGENTO-ROOT/index.php/rest/V1/customers/'.$customerId;

//
$data = [
    'oauth_consumer_key' => CONSUMERKEY,
    'oauth_nonce' => md5(uniqid(rand(), true)),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp' => time(),
    'oauth_token' => ACCESSTOKEN,
    'oauth_version' => '1.0',
];

$data['oauth_signature'] = sign($method, $url, $data, CONSUMERSECRET, ACCESSTOKENSECRET); 
$curl = curl_init(); 
curl_setopt_array($curl, [
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => $url,
    CURLOPT_HTTPHEADER => [
        'Authorization: OAuth ' . http_build_query($data, '', ',')
    ]
]); 
$result = curl_exec($curl);

     return json_encode(array(             
            'result' => $result
        ));
}

calling Ajax to get custom data:

<script type="text/javascript">
        $(document).ready(function(){       
            $.getJSON('YOUR-MAGENTO-ROOT/apicall.php?action=getcustomer&custid=1', function(jd) {
                 var result =jQuery.parseJSON(jd.result);
                 console.log(result);
                 jQuery.each(result, function(index, value) {
                     console.log(index+":"+value);
                 });

               });
        });
    </script>

Best Answer

Related Solutions

Magento 2 API – Get Token Authentication for Customer Logged with Facebook & Twitter

Magento – How to consume the REST API in Magento 2, using AJAX with session-based authentication

Related Topic