Hi there, I have Vue front end, and ModX as CMS and API, I already can expose a secured rest service, but so far, the use case it’s been a third party that accesses my services, but now I need my own front end (VueJs) managed inside ModX, to interact with my rest services on a secured way. (I use the modx Login Extra)
I’ve contemplated the following options
Add a plugin to listen for OnWebLogin, generate the JWT token, then add it to the session, and just inject the token into my vue components as part my custom modx resources render process, then use it on the axios webservice calls.
Add a step to the login, where the front generates a request to a secured resource for the token and stores it on the browser
Use modx direct security (maybe I’m overcomplicating)? I mean, so far I’ve used this and exposed a new index.php with its own .htaccess file for third parties to access me, but can I just add that logic to a resource properly protected with ACLs and it will “just work”? this last one came to mind while I was typing this, but I’m wondering what should be the best practice with ModX