I am new to Laminas API Tools.
I am working on a project where I am trying to achieve something similar to Google.
So basically I will have a separate database for my users which later can be used for different projects. And my API project will be calling a separate database.
While I can send JWT authentication from Angular to the API, I am not sure how I should be handling the JWT token.
What I want:
1. Send authentication (JWT) from Angular to the Laminas API
2. The Laminas API checks the authentication and authenticates
3. Laminas also checks if the user has permission to access the resources

I am mainly puzzled by number 3: how do I handle the permissions in the API? I can send a list of claims in the JWT, but how would I validate that in the API?
Any suggestions?
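
An added example (not part of the original post, and not Laminas API Tools code) of the steps listed in the question: verify the token's signature and expiry on the API side, then check a permission claim. It assumes HS256 with a shared secret and a `permissions` array claim; the function names, claim name, secret and sample token are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical helpers (not Laminas API Tools APIs). Assumes HS256 with a
// shared secret and a "permissions" array claim issued by the user service.
function b64urlDecode(string $s): string
{
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    $raw = base64_decode(strtr($s, '-_', '+/') . $pad, true);
    if ($raw === false) {
        throw new RuntimeException('Malformed base64url segment');
    }
    return $raw;
}

function verifyJwt(string $jwt, string $secret, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('Token must have three segments');
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64urlDecode($h64), true);
    // Pin the algorithm on the server; never let the token's "alg" choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('Unexpected algorithm');
    }
    // Verify the signature before trusting any claim; constant-time compare.
    $expected = hash_hmac('sha256', "$h64.$p64", $secret, true);
    if (!hash_equals($expected, b64urlDecode($s64))) {
        throw new RuntimeException('Bad signature');
    }
    $claims = json_decode(b64urlDecode($p64), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new RuntimeException('Token expired or missing exp');
    }
    return $claims;
}

function isAllowed(array $claims, string $permission): bool
{
    $granted = $claims['permissions'] ?? [];
    return is_array($granted) && in_array($permission, $granted, true);
}

// Constructed sample token, signed here only so the example runs offline.
$enc = fn(string $d): string => rtrim(strtr(base64_encode($d), '+/', '-_'), '=');
$body = $enc('{"alg":"HS256","typ":"JWT"}') . '.' . $enc(json_encode(
    ['sub' => 'user-1', 'exp' => time() + 300, 'permissions' => ['orders:read']]));
$token = $body . '.' . $enc(hash_hmac('sha256', $body, 'demo-secret', true));
$claims = verifyJwt($token, 'demo-secret', time());
var_dump(isAllowed($claims, 'orders:read'), isAllowed($claims, 'orders:write'));
```

Claims are only as trustworthy as the signature check that precedes them, so the permission lookup must run on the array returned by the verifier and never on a payload decoded without verification.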