Add API features - WIP #218
base: master
Made a quick review!
user = auth.attempt(request.input("username"), request.input("password")) | ||
|
||
if user: | ||
return {"data": user.generate_jwt()} |
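Review bot: the `if user:` branch is the only path visible in these lines, so a failed `auth.attempt(...)` has no explicit response here. If nothing follows the block, add an explicit 401 that uses one generic error message for both an unknown username and a wrong password, so the endpoint does not confirm which accounts exist.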
Here it means that a new JWT token is generated each time we make a request to this controller, replacing the token in the user table with the newly generated one?
And what's the lifetime of this token?
Also, should we rename `data` to `token`?
Yes. Once you have a token you would not need to hit this endpoint anymore.
The lifetime of the token will be inside the JWT token, which I have to add inside the `generate_jwt()` method. Somehow I still need to hook this all up to the normal feature convention we have so I have access to the configuration settings in the same way we do with other features.
Yep, it would be great, because I feel we would like to define some settings to generate JWT.
The first iteration of API improvements in M4 will be pretty small. Just the requirements.
So to build an API using these features is something like this:
Step 1
You can create a normal controller or create a resource controller:
Step 2
Create your route, could be normal routes or you can use the new `resource` method which maps several routes to the matching controller method:
Step 3
Add the authentication controller:
This will scaffold out the authentication controller so you can modify it
Step 4
Call `/api/auth` with your username and password and get back a token which is saved to the users table. You can use this token to make requests. The JWTAuthenticationMiddleware will verify this token is passed and that it is valid.
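The token lifetime and verification discussed in this thread, as an added example that is not code from this PR or the project: an HS256 token that carries its lifetime in the `exp` claim, and the checks a middleware such as `JWTAuthenticationMiddleware` would need before trusting it. `SECRET`, `issue_token` and `verify_token` are hypothetical names, and the standard library stands in for whatever JWT library the project uses.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: loaded from app config in practice


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(header_b64, claims_b64):
    return hmac.new(SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()


def issue_token(user_id, lifetime=300, now=None):
    """Issue an HS256 JWT; the lifetime travels inside the token as `exp`."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": user_id, "iat": now, "exp": now + lifetime}).encode())
    return f"{header}.{claims}.{b64url(sign(header, claims))}"


def verify_token(token, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        # Pin the algorithm server-side; a token must not pick it ("alg": "none").
        if json.loads(unb64url(header_b64)).get("alg") != "HS256":
            return None
        # Check the signature in constant time before trusting any claim.
        expected = sign(header_b64, claims_b64)
        if not hmac.compare_digest(expected, unb64url(sig_b64)):
            return None
        claims = json.loads(unb64url(claims_b64))
        exp = claims.get("exp")
    except (ValueError, AttributeError, TypeError):
        return None
    # Reject tokens with no integer expiry as well as expired ones.
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims
```

Because expiry is enforced from the signed `exp` claim, the middleware can reject a stale token without consulting the copy stored in the users table.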