User Authentication endpoint in the `API` engine


(Petros) #1

Hi,

I understand that among the recent changes was the use of the knock gem and, as a result, the Auth engine currently authenticates the API engine using JWT.

I have used the knock gem as part of a recent Rails/Ember project and evidently, I had to expose an endpoint where the user would authenticate sending the credentials in JSON format and it would then receive a response with the JWT. I do not see this requirement in PushType. If this is indeed the case and its absence is a design decision, is there any chance of this being revisited? There is a valid doubt about its actual usefulness, since for the majority of cases, the frontend will only fetch data, so an unprotected route exposing the data in e.g. JSONAPI is just fine.

But what if I have to POST data to PushType (e.g. a contact form)?


(Aaron Russell) #2

At this moment in time there is no endpoint for fetching the JWT token. I’m currently working on an early version of a new admin interface which uses the API and in this work I’m simply rendering the JWT token in the layout after the user has logged in. A proper endpoint for fetching the token will come, it’s just not there yet.

In any case, at this point I’d probably advise against using the built-in API for too much. The work I did on the API was based on quite a few assumptions and the work I’m doing on the admin UI is revealing areas where I need the API to work a bit differently. I’m allowing this work on the admin UI to shape the “spec” of the API, and right now it looks like quite a lot will need to change.

So if you need some kind of API for your app, right now I think you’d be best to build your own solution for your purposes.
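
The exchange described in the first post (credentials sent as JSON, a JWT returned) together with the check a protected route such as a contact-form POST would make, as an added example that is not part of the thread and is neither PushType nor knock code. The `auth`/`email`/`password`/`jwt` field names, the status codes, the user store and the secret are assumptions constructed for illustration.

```ruby
require "openssl"
require "json"

SECRET    = "constructed-demo-secret" # assumption: a real app loads this from its secret store
TOKEN_TTL = 3600                      # token lifetime in seconds
SALT      = "constructed-salt"

def pw_digest(password)
  OpenSSL::PKCS5.pbkdf2_hmac(password, SALT, 10_000, 32, OpenSSL::Digest.new("SHA256"))
end
USERS = { "editor@example.test" => pw_digest("correct horse") }.freeze # constructed user store

def b64(data)
  [data].pack("m0").tr("+/", "-_").delete("=") # base64url without padding
end
def unb64(str)
  str.tr("-_", "+/").unpack1("m")
end

def sign(input)
  OpenSSL::HMAC.digest("SHA256", SECRET, input)
end
def secure_eq(a, b) # constant-time comparison of two byte strings
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Token endpoint: JSON credentials in, [status, JSON body] out.
def issue_token(request_body, now = Time.now.to_i)
  auth = JSON.parse(request_body).fetch("auth")
  stored = USERS[auth["email"]] || pw_digest("") # same hashing work for unknown users
  ok = secure_eq(stored, pw_digest(auth["password"].to_s)) && USERS.key?(auth["email"])
  return [401, "{}"] unless ok
  parts = [{ alg: "HS256", typ: "JWT" }, { sub: auth["email"], exp: now + TOKEN_TTL }]
  jwt = parts.map { |part| b64(JSON.generate(part)) }.join(".")
  [201, JSON.generate({ jwt: "#{jwt}.#{b64(sign(jwt))}" })]
rescue JSON::ParserError, KeyError, TypeError, NoMethodError
  [400, "{}"]
end

# Protected-route check: returns the claims hash, or nil if the token is rejected.
def verify_token(token, now = Time.now.to_i)
  header, claims, sig = parts = token.to_s.split(".", -1)
  return nil unless parts.size == 3 && secure_eq(sign("#{header}.#{claims}"), unb64(sig))
  return nil unless JSON.parse(unb64(header))["alg"] == "HS256" # pin the algorithm
  data = JSON.parse(unb64(claims))
  data["exp"].to_i > now ? data : nil
rescue JSON::ParserError
  nil
end
```

The signature is checked before any claim is parsed, and expiry is enforced on every request, so a token rendered into a page or held by a frontend stops working after `TOKEN_TTL` seconds.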