I understand that among the recent changes was the use of
knock gem and as a result currently the
Auth engine authenticates the API engine using JWT.
I have used the
knock gem as part of a recent
Rails/Ember project and evidently, I had to expose an
endpoint where the user would authenticate sending the credentials in
JSON format and it would then receive a response with the
JWT. I do not see this requirement in
PushType. If this is indeed the case and its absence is a design decision, is there any chance this to be revisited? There is a valid doubt about its actual usefulness, since for the majority of the cases, the frontend will only fetch data, so an unprotected route exposing the data in e.g. JSONAPI is just fine.
But what if I have to
POST data to
PushType (e.g. contact-form).