In JSON mode (and JWT) I successfully log in via username and password:
1. When login succeeds I get an Access Token. The "authenticated_by" field is "password" only.
2. I send a request to the /otp-auth endpoint with the Access Token from step 1 in the header.
3. I get a second Access Token from step 2, but this time the "authenticated_by" field is "password" and "totp" (multiple).
4. Then I save this JWT Token in the session myself:
session["test"] = jwt_token
I'm using a Svelte app without the default Rodauth templates, so I'm rebuilding the same login/authentication concept myself.
However, I have no idea how I'm going to validate whether this JWT Token is:
1. logged_in?
2. authenticated?
Is there any method in Rodauth like:
# session["test"] is JWT Token stored by Roda app using client's POST Data on login
user = rodauth.login_from_jwt(session["test"])
user.logged_in? -> account_id
user.authenticated? -> false # however it should be true because that JWT is multi factor authenticated.
Basically, I'm trying to log in and authenticate the user via the Svelte app by sending data to the backend server, and if everything is successful I'll store the JWT Token (or another?) in a cookie/session so that the next time the user opens the login page it will remember them.
The remember-me feature works very well with the standard Roda views/Roda config, but in JSON API mode I need to make my own remember_me. However, I need to check that both logged_in? and authenticated? are OK inside Roda using JWT or a similar approach. (Any advice would be helpful.)
Note: No, I cannot use the standard HTML and views :( Due to our application's nature it should be separated. The authentication server is fully in API mode.
Note 2: Is checking that "logged_in? is not nil" and "authenticated_by.length >= 2" a correct approach? Should I check these fields myself or is there a Rodauth API for this task?
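As an added example (not Rodauth's code or the poster's), the following shows the two checks from Note 2 applied to a Rodauth-style HS256 session JWT using only the Ruby standard library: the signature is verified first, so the "account_id" and "authenticated_by" claims are only trusted after the HMAC matches. The secret, the HS256 algorithm and the sample tokens are constructed assumptions; in a real deployment Rodauth signs with jwt_secret and issues the token itself.

```ruby
# Added example, not Rodauth code: verify a Rodauth-style HS256 session JWT with
# the standard library, then check logged_in? and authenticated? on its claims.
require "openssl"
require "json"

JWT_SECRET = "constructed-example-secret".freeze # Rodauth uses jwt_secret instead

def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str.tr("-_", "+/")
  (padded + "=" * ((4 - padded.length % 4) % 4)).unpack1("m0")
end

# Constructed tokens only: Rodauth issues the real ones via jwt_token.
def make_jwt(payload, secret = JWT_SECRET)
  signing_input = "#{b64url_encode({ alg: "HS256" }.to_json)}.#{b64url_encode(payload.to_json)}"
  "#{signing_input}.#{b64url_encode(OpenSSL::HMAC.digest("SHA256", secret, signing_input))}"
end

# Returns the payload hash, or nil when the token is malformed, uses any
# algorithm other than HS256 (rejects "none" and downgrades), or fails the HMAC.
def verify_jwt(token, secret = JWT_SECRET)
  header_b64, payload_b64, sig_b64 = token.to_s.split(".", 3)
  return nil unless header_b64 && payload_b64 && sig_b64
  return nil unless JSON.parse(b64url_decode(header_b64))["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header_b64}.#{payload_b64}")
  actual = b64url_decode(sig_b64)
  return nil unless actual.bytesize == expected.bytesize &&
                    OpenSSL.fixed_length_secure_compare(expected, actual)
  JSON.parse(b64url_decode(payload_b64))
rescue JSON::ParserError, ArgumentError, TypeError
  nil
end

# Mirrors rodauth.logged_in?: the session hash carries an account id.
def logged_in?(payload)
  payload.is_a?(Hash) && !payload["account_id"].nil?
end

# Mirrors rodauth.authenticated? for an MFA account: "password" plus a second factor.
def authenticated?(payload)
  factors = Array(payload.is_a?(Hash) ? payload["authenticated_by"] : nil)
  logged_in?(payload) && factors.include?("password") && factors.length >= 2
end

PASSWORD_ONLY = make_jwt("account_id" => 1, "authenticated_by" => ["password"])
MFA_TOKEN = make_jwt("account_id" => 1, "authenticated_by" => %w[password totp])
```

A token that fails verification yields nil, so both predicates return false for it rather than trusting a forged or unsigned payload.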