I thought I'd posted this earlier today, but can't find the thread, so apologies if this comes up twice ...
I'm in the process of building a small multi-tentant web app using Aura.Auth for authentication. Each tenant has their own unique copy of the DB, so once logged in, the query is executed against the DB for the authenticated user.
I need to use Jquery autocomplete to display on a form input, but the data needs to come from the tenant's own DB. Is there a "correct" way to pass through the authenticated user's credentials, so that the PHP script that is executed by Jquery is able to retrieve records from the correct tenant's DB, please?
I've read somewhere that I could use an authentication token which expires, but this could obviously be stolen and used by somebody else before the expiry date/time. Does this need to be combined with the user's external IP address or is there a better method, please/