/auth response data lacking information

Resolved

(@nilsnolde)

Hi again,

I wonder if it’s intended that the /auth endpoint gives so little information while /auth/validate gives the full information block for the JWT?

I’d expect the jwt response field to be the same for both endpoints (and as configured in the admin area for JWT payload parameters, e.g.:


      "jwt": [
            {
                "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1OTUyNzczNTIsImV4cCI6MTU5NTI4MDk1MiwiZW1haWwiOiJuaWx",
                "header": {
                    "typ": "JWT",
                    "alg": "HS256"
                },
                "payload": {
                    "iat": 1595277352,
                    "exp": 1595280952,
                    "email": "nils@xxx.com",
                    "id": 1
                },
                "expire_in": 2522
            }
        ]

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author nicu_m
(@nicu_m)

2 years, 8 months ago

Hello @nilsnolde,

When I’ve built the /auth endpoint, I was thinking that the people need only the JWT on this endpoint. But, there will be no problem to add more information here. If this helps you, I can add all the information about the user and the JWT.

For the /validate endpoint, I’ve tried to add as much information I could, because, I was thinking it will help other developers in parsing the data from JWT.

I will create a todo task on my board, and I will make the result from /auth to be identical with /auth/validate.

I will come back with updates.

Thank you for your suggestion.

Best regards,
Nicu.

Thread Starter nilsnolde
(@nilsnolde)

2 years, 8 months ago

Sounds good, thanks Nicu! And sorry, I should’ve phrased more suggestive, was a bit too demanding..

Anyways, maybe all jwt routes can have the same object jwt array? I.e. /auth, /auth/validate and /auth/refresh? It’d make it more consistent for clients I think.

Plugin Author nicu_m
(@nicu_m)

2 years, 8 months ago

Hello @nilsnolde,

I think that the idea that you are suggesting is very good, and I totally agree.

In the beginning, I’ve released the /auth endpoint. After having some feature requests, I’ve started to develop the /auth/validate and /auth/refresh endpoints.

It is a little bit tricky, to change the response, because, I prefer the option that the code has backward compatibility, so the users will not have to change the code after they update the plugin. But, I will try to follow your guidelines and also offer backward compatibility.

I hope that starting next week, I will start working on this.

Also, I want to personally thank you for supporting this plugin and offering me ideas about how I can improve this plugin.

I will let you know once I make these changes.

Best regards,
Nicu.

Thread Starter nilsnolde
(@nilsnolde)

2 years, 8 months ago

Very welcome! Thanks to you for being so open about feature requests, that’s not granted either.

Did you consider putting the code on Gitlab/-hub in an open repository? Going forward, this plugin will be indispensable for WP REST API (esp headless setups) as it’s the most feature-complete JWT plugin (I think) and the amount of issues in the past weeks in this forum even accelerated suggesting people are just starting to get aware of it. I have a plugin since a couple of months too, no one ever writes anything :D. So from my point of view this is skyrocketing here and it’s so new. Putting it on Github might help you there, when (and if) the community contributes. Just a thought:)

EvdHeuvel
(@evdheuvel)

2 years, 8 months ago

Agree with @nilsnolde, having additional information in the payload would be great (e.g. use the same object for all routes). It would simplify the integration for my headless setup. +1

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘/auth response data lacking information’ is closed to new replies.

Views