I use the Socialite library in Laravel. The documentation has this paragraph:

> The stateless method may be used to disable session state verification. This is useful when adding social authentication to an API:

What does it really mean? When should I use that?

Dev

1 Answer

Actually, the basic authentication mechanism uses the session to store the visitor's identity, so once you get authenticated (providing credentials in a login form) the application doesn't ask for the password again when you visit another page after login. So, the session is used to keep the user's current state in the application. This is what happens in most cases.

On the other hand, stateless authentication works without using the session. In this case, the application doesn't keep any data in the session to identify the user on subsequent requests. Instead, it verifies every request independently.

When are you going to need this?

Basically, it's needed when you are going to build some kind of API which may serve resources as a service to users, where a user may send a request to your API to get data from anywhere. I mean, the user may not be a registered user of your system, but you may allow a user to consume data from your server depending on some sort of token-based authentication.

This is not enough to describe the stateless auth but this may give you some idea. Further, you may check How to do stateless (session-less) & cookie-less authentication and this and also you'll find useful links if you search on Google using the term Stateless Authentication.

The Alpha
  • So, if I only need to check whether the user is authenticated in the social network and her account id is in the database, then I can use the `stateless method`? – Dev Nov 12 '16 at 20:47
  • I mean I get the authenticated user data from the social network and associate it with an account in my own project – Dev Nov 12 '16 at 20:50
  • Yes, but it depends on your app/API requirements. Sometimes we store the state of the current user in an application by checking other app/auth servers about the user's identity. This is a huge subject on its own. – The Alpha Nov 12 '16 at 20:50
  • Also, search for [OAuth Authentication](https://www.google.com.bd/webhp?sourceid=chrome-instant&rlz=1C5CHFA_enBD695BD695&ion=1&espv=2&ie=UTF-8#q=oauth%20authentication). – The Alpha Nov 12 '16 at 20:52
  • So, if I use the stateless method, it means that after closing the browser I lose the session and need authorization again? – Dev Nov 12 '16 at 20:52
  • The stateless auth doesn't keep any info but it depends on per request. – The Alpha Nov 12 '16 at 20:53
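
How the two modes look in Socialite itself, as an added example that is not part of the original question or answer: without `stateless()`, the callback is checked against a `state` value kept in the session; with it, that check is skipped and nothing is kept server-side. The GitHub provider, the route paths, the `github_id` column and the use of Laravel Sanctum for the API token are assumptions.

```php
<?php
// Added example. Assumptions: GitHub provider, a hypothetical `github_id`
// column on users, and Laravel Sanctum (HasApiTokens on User) for API tokens.

use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
use Laravel\Socialite\Facades\Socialite;
use Laravel\Socialite\Two\InvalidStateException;

// Find the local account already linked to the provider's account id.
// firstOrFail() answers 404 when no such account exists.
function localUserFor($social): User
{
    return User::where('github_id', $social->getId())->firstOrFail();
}

// --- Browser flow (routes/web.php): session state verification stays ON ---
// redirect() stores a random `state` value in the session and sends it to the
// provider; user() rejects the callback unless the same value comes back.
Route::get('/auth/github', fn () => Socialite::driver('github')->redirect());

Route::get('/auth/github/callback', function () {
    try {
        $social = Socialite::driver('github')->user();
    } catch (InvalidStateException $e) {
        abort(403, 'OAuth state mismatch'); // callback is not tied to this session
    }
    Auth::login(localUserFor($social));     // identity is kept in the session
    return redirect('/home');
});

// --- API flow (routes/api.php): no session exists, so the check is disabled ---
// With no session there is nothing to compare `state` against; stateless()
// turns the comparison off, so keep it off browser routes that do have one.
Route::get('/auth/github', fn () => Socialite::driver('github')->stateless()->redirect());

Route::get('/auth/github/callback', function () {
    $social = Socialite::driver('github')->stateless()->user();
    // Nothing is stored server-side; the client sends this token on every request.
    $token = localUserFor($social)->createToken('api')->plainTextToken;
    return response()->json(['token' => $token]);
});
```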