The endpoints are working fine, but now I need to implement authorization. So, I think the best approach is to use JWT tokens.
I found a plugin (Vdomah.JWTAuth) to manage JWT Authentication. Now I’m able to log in a user (defined within Rainlab.User plugin) and get a valid token. But I can’t figure out how to use the provided middleware to protect the API pages that I have created in the active theme.
Any suggestions or comments will be greatly appreciated.
For this you can create a layout and use it as middleware. Assuming that the JWTAuth package has a “check” function JWTAuth::authenticate(), you can use it to abort the request. For example:
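```
description = "My Layout"
==
<?
function onStart()
{
    // Runs before any page that uses this layout; returning a response here stops the page from rendering.
    if (!JWTAuth::authenticate()) {
        return Response::make(['message' => 'Auth Failed'], 403);
    }
}
?>
==
{% page %}
```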
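What a token check like the one this layout relies on has to enforce before a page is served, as an added example that is not part of the original posts and not the Vdomah.JWTAuth plugin's code. It assumes HS256-signed tokens; the function names, secret and sample claims are constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, constructed secret and claims, HS256 assumed.

function b64url_decode(string $s): ?string
{
    $s = strtr($s, '-_', '+/');
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4);   // restore stripped padding
    $out = base64_decode($s, true);
    return $out === false ? null : $out;
}

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the claims for a valid token, or null on any failure.
function verify_bearer(?string $authHeader, string $secret, int $now): ?array
{
    $re = '/^Bearer\s+([\w-]+)\.([\w-]+)\.([\w-]+)$/i';
    if ($authHeader === null || !preg_match($re, $authHeader, $m)) {
        return null;                                    // header missing or not three segments
    }
    [, $h, $p, $sig] = $m;
    $header = json_decode((string) b64url_decode($h), true);
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($header) || !is_array($claims) || ($header['alg'] ?? null) !== 'HS256') {
        return null;                                    // algorithm is pinned server-side
    }
    $given = b64url_decode($sig);
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if ($given === null || !hash_equals($expected, $given)) {
        return null;                                    // signature mismatch (constant-time compare)
    }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;                                    // expiry is required and enforced
    }
    return $claims;
}

// Constructed sample tokens.
[$secret, $now] = ['example-secret', 1700000000];
$head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
$sign = fn (string $b) => "$head.$b." . b64url_encode(hash_hmac('sha256', "$head.$b", $secret, true));
$good = $sign(b64url_encode(json_encode(['sub' => 42, 'exp' => $now + 3600])));
$old  = $sign(b64url_encode(json_encode(['sub' => 42, 'exp' => $now - 1])));
var_dump(verify_bearer("Bearer $good", $secret, $now) !== null);     // well-formed, unexpired token
var_dump(verify_bearer("Bearer $old", $secret, $now) !== null);      // expired token
var_dump(verify_bearer("Bearer {$good}x", $secret, $now) !== null);  // altered signature
var_dump(verify_bearer(null, $secret, $now) !== null);               // no Authorization header
```

In a layout's `onStart()`, a null result from a check like this is the case where the 403 response is returned.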