Magento2 API – How to Check if Authorization Token is Valid

apimagento2

I am making an mobile app using magento 2 api (Token-based authentication). and I am confused on its expiration. I know that you can set Customer/Admin Token expiration time in Magento Settings. But how do i get that time with an API call?

I am asking this because in most apps user is logged in a shop until he presses logout so i will store this token in my app.

In docs i don't see integration/customer/token returning expiration time and hard coding that value from settings is a bad idea since its value might change. Am i missing something here?

(I could fetch/generate token every time user opens the app but what is the point in expiration then, because that will just generate more tokens for the user that already might logged in).

Best Answer

After Searching for a way to do this, for now I found out that I can check if token is valid with /rest/V1/customers/me + Authorization Header with token. It is not the best way and the way i wanted, but for now it will have to do.

Related Solutions

Magento 2 – Customer Session for Logged In Customer with Token-Based Authentication

Try Below Code To get a customer id

<?php
    $obm = \Magento\Framework\App\ObjectManager::getInstance();
    $context = $obm->get('Magento\Framework\App\Http\Context');

    $isLoggedIn = $context->getValue(\Magento\Customer\Model\Context::CONTEXT_AUTH);
    if($isLoggedIn){ 
      $om = \Magento\Framework\App\ObjectManager::getInstance();
      $customerSession = $om->create('Magento\Customer\Model\Session');
         //get a customer id       
      $customerId = $customerSession->getCustomer()->getId();

      }
?>

Magento 2 REST API – Manage API Authentication Lifecycle on Mobile Devices

To check for a valid customer token Magento checks two criteria

Is token revoked ( That happens when user logout) : revoked is saved as 1 in oauth_token table
Token is actually present in oauth_token table

Magento runs a cron to remove the expired tokens (as per lifetime in admin setting) from the table (vendor\magento\module-integration\Cron\CleanExpiredTokens.php)

Possible solution

Increase Token lifetime from admin
Override the above mentioned cron to only remove the token that are revoked i.e the logged out customer tokens

Hope this answers your question

Best Answer

Related Solutions

Magento 2 – Customer Session for Logged In Customer with Token-Based Authentication

Magento 2 REST API – Manage API Authentication Lifecycle on Mobile Devices

Related Topic