Lumen 5.5 Session store not set on request

Question

I use vue-authenticate (https://github.com/dgrubelic/vue-authenticate) to create two kinds of connection on our web service, the first method is the connection to his account, the second method is the addition of account when connected.

I use Lumen (by Laravel) for backend and connection management in PHP.

Only sessions are not available under Lumen, how do I store temporary credentials?

use League\OAuth1\Client\Server\Twitter;

public function login(Request $request)
{
    try {

        $this->server = new Twitter([
            'identifier' => $this->key,
            'secret' => $this->secret,
            'callback_uri' => $request->get('redirectUri'), // Variable getted from POST
        ]);

        if(empty($request->get('oauth_token'))) {
            $temporaryCredentials = $this->server->getTemporaryCredentials();

            $request->session()->put('temporary_credentials', serialize($temporaryCredentials)); // Session doesn't works

            return response()->json([
                'oauth_token' => $temporaryCredentials->getIdentifier(),
                'oauth_token_secret' => $temporaryCredentials->getSecret(),
            ], 200);
        } else {
            // I must have oauth_token here with session
        }

    } catch (\Exception $e) {
        return response()->json($e->getMessage(), 500);
    }
}

Answer 1

I think you just misunderstood the concept of Web Service (API). API is not a stateful application, rather it's a stateless, means no session available for each request. So, in major API framework, session is not supported (officially). To handle your problem, you can store your temporary credentials in a database or maybe in a cache (with TTL, eg: 60 minutes), like this:

$requestIdentifier = $request->getClientIdentifier(); // YOU SHOULD IMPLEMENT THIS METHOD

Cache::put($requestIdentifier, $temporaryCredentials, 60);

To retrieve your cache just use:

$temporaryCredentials = Cache::get($requestIdentifier);

Here I give you some idea, when you implement getClientIdentifier, you can force the client to send a unique key inside your header, like:

axios.post('http://somewhere', {
    headers: {
        'x-request-identifier': UNIQUE_ID
    }
})

In your API:

$requestIdentifier = $request->header('x-request-identifier');