Authentication with JWT and JSONAPI

I am implementing the REST API using the following technologies / approaches:

I want to implement an authentication endpoint. It should get the username and password in the POST request in JSONAPI format and return the JWT token in JSONAPI format. But I see that there are some contradictions that do not allow me to be 100% RESTful:

Let me name the endpoint /tokens, because it actually creates tokens. The answer will also be a resource like tokens, for example:

    {
      "data": {
        "type": "tokens",
        "attributes": {
          "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEifQ.ivJ5P23wqVo3w31flg3aOu7er--Ijght_RrBf_MuqsU"
        }
      }
    }

But what about the request? username and password are user properties, but they should be sent to the /tokens endpoint. If I send the users resource to the /tokens endpoint, that doesn't make much sense.

Is there a way for this to follow the JSONAPI and keep the API meaningful?

+5
2 answers

If I send a resource to users at the tokens endpoint, that doesn't make much sense.

Why not? REST does not impose that you send users only to a user resource. Of course, when you perform CRUD operations on a user resource, you will do this through the endpoint of the user resource.

But to create a token, it is quite reasonable to send a user resource to the endpoint of the token.

+3

You can also provide user credentials through the HTTP Authorization header or as part of the top-level meta JSON payload property.

+2
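
A sketch of the POST /tokens handler discussed in this thread, added here as an example and not code from the question or either answer. It accepts credentials from either the Authorization header (Basic) or the top-level meta member, and returns the tokens document in the shape shown in the question. The function names, the `username`/`password` meta keys, the user store, salt and signing key are all constructed assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-signing-key"   # assumption: comes from a secret store in practice
SALT = b"constructed-salt"                 # simplification: real stores use a per-user salt

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _hash("correct horse")}  # constructed user store: username -> password hash

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def extract_credentials(headers: dict, body: dict):
    """Return (username, password) from Basic auth or top-level meta, else None."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError:                 # malformed base64 or non-UTF-8 bytes
            return None
        user, sep, password = decoded.partition(":")
        return (user, password) if sep else None
    meta = body.get("meta")
    if isinstance(meta, dict):
        user, password = meta.get("username"), meta.get("password")
        if isinstance(user, str) and isinstance(password, str):
            return user, password
    return None

def verify(user: str, password: str) -> bool:
    # Unknown users are compared against a dummy hash so the work done is the same.
    stored = USERS.get(user, b"\0" * 32)
    return hmac.compare_digest(stored, _hash(password))

def issue_token(headers: dict, body: dict, now=None):
    """Return (HTTP status, JSON:API document) for POST /tokens."""
    creds = extract_credentials(headers, body)
    if creds is None or not verify(*creds):
        # One generic error for every failure, so the response does not reveal which part was wrong.
        return 401, {"errors": [{"status": "401", "title": "Invalid credentials"}]}
    now = int(time.time()) if now is None else now
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(
        {"sub": creds[0], "iat": now, "exp": now + 900})   # short-lived: 15 minutes
    sig = b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())
    return 201, {"data": {"type": "tokens",
                          "attributes": {"value": signing_input + "." + sig}}}
```

Either transport carries the password in recoverable form (Basic is only base64), so the endpoint belongs behind TLS and request bodies and Authorization headers should be kept out of access logs.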

Source: https://habr.com/ru/post/1240674/
