JWT only api endpoints and custom responses


Bruno Aníbal Prieto González

May 4, 2021, 10:21:15 PM
to Rodauth
Hello!
I hope you are well.
I have 2 questions, sorry if they are very basic, I am just starting in Rails recently. I need to have an API in Rails with authentication, I followed the steps that are in the documentation and I think it already works, but I don't know what are the parameters that I should put to the routes. Can I find that somewhere?
For example, I was trying something like this, but it doesn't work:

Content-Type: application/json

{
    "account": {
        "email": "bruno...@gmail.com",
        "password": "Bb01pqña"
    }
}

I would also like to know if there is a way to respond with additional user information when logging in, such as name, etc.

I am currently using Doorkeeper, I would like to switch to Rodauth, but I can't find a way to do those 2 things.

Thank you very much in advance

Jeremy Evans

May 4, 2021, 11:03:09 PM
to rod...@googlegroups.com
You want email and password without wrapping it in account.  Can you try that?

Thanks,
Jeremy

Bruno Aníbal Prieto González

May 4, 2021, 11:14:46 PM
to Rodauth
Thank you very much for your response. I tried that but it didn't work, I did this:

Content-Type: application/json

{
    "email": "bruno...@gmail.com",
    "password": "Bb01pqña"
}

And I get this response

{
  "field-error": [
    "login",
    "invalid login, minimum 3 characters"
  ],
  "error": "There was an error creating your account"
}

This is the log in Rails

Started POST "/create-account" for 127.0.0.1 at 2021-05-04 23:09:40 -0400
   (0.5ms)  SELECT sqlite_version(*)
   (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
  Sequel (0.1ms)  SELECT sqlite_version()
  ↳ app/lib/rodauth_app.rb:128:in `block in <class:RodauthApp>'
  Sequel (0.6ms)  SELECT * FROM `accounts` WHERE ((`email` = '') AND (`status` IN ('unverified', 'verified'))) LIMIT 1
  ↳ app/lib/rodauth_app.rb:128:in `block in <class:RodauthApp>'

Thanks

Jeremy Evans

May 5, 2021, 12:00:07 AM
to rod...@googlegroups.com
On Tue, May 4, 2021 at 8:14 PM Bruno Aníbal Prieto González <bruno...@gmail.com> wrote:
> Thank you very much for your response. I tried that but it didn't work, I did this:
>
> Content-Type: application/json
>
> {
>     "email": "bruno...@gmail.com",
>     "password": "Bb01pqña"
> }
>
> And I get this response
>
> {
>   "field-error": [
>     "login",
>     "invalid login, minimum 3 characters"
>   ],
>   "error": "There was an error creating your account"
> }


That sort of tells you the issue right there.  It's expecting a parameter named login (not email) for the login.  So either change the parameter from email to login, or use the following in your Rodauth configuration:

  login_param 'email'

Thanks,
Jeremy

Bruno Aníbal Prieto González

May 5, 2021, 12:42:51 AM
to Rodauth
Great, that worked!

Sorry if I keep asking. What parameters does jwt-refresh receive? I tried several but it always tells me it's invalid, I'm also not sure if the logout is working right, although it returns a satisfactory response.
I'm trying this, well, one of several I tried:

Content-Type: application/json
Authorization: Bearer access_token...

{
    "refresh_token": "1_3_WU..."
}

The response is:

  "error": "invalid JWT refresh token"  

And the log:

Started POST "/jwt-refresh" for 127.0.0.1 at 2021-05-05 00:36:54 -0400
   (0.1ms)  SELECT sqlite_version(*)
  ↳ app/lib/rodauth_app.rb:128:in `block in <class:RodauthApp>'
  Sequel (0.3ms)  DELETE FROM `account_jwt_refresh_keys` WHERE ((`account_id` = '1') AND (CURRENT_TIMESTAMP > `deadline`))
  ↳ app/lib/rodauth_app.rb:128:in `block in <class:RodauthApp>'
  Sequel (0.2ms)  SELECT `key` FROM `account_jwt_refresh_keys` WHERE ((`account_id` = '1') AND (`id` = '3')) LIMIT 1
  ↳ app/lib/rodauth_app.rb:128:in `block in <class:RodauthApp>'
  Sequel (0.1ms)  SELECT * FROM `accounts` WHERE ((`id` = '1') AND (`status` = 'verified')) LIMIT 1
  ↳ app/lib/rodauth_app.rb:128:in `block in <class:RodauthApp>'

Maybe it would be nice if you could add the endpoints with the parameters needed in the documentation, or maybe I'm not looking for them right.

And how could I customize the login response to include certain profile data, for example?

Thank you very much for your help

Jeremy Evans

May 5, 2021, 2:28:59 AM
to rod...@googlegroups.com
On Tue, May 4, 2021 at 9:42 PM Bruno Aníbal Prieto González <bruno...@gmail.com> wrote:
> Great, that worked!
>
> Sorry if I keep asking. What parameters does jwt-refresh receive? I tried several but it always tells me it's invalid, I'm also not sure if the logout is working right, although it returns a satisfactory response.
> I'm trying this, well, one of several I tried:
>
> Content-Type: application/json
> Authorization: Bearer access_token...
>
> {
>     "refresh_token": "1_3_WU..."
> }
>
> The response is:
>
>   "error": "invalid JWT refresh token"

This appears to be using the correct parameter name, so I'm not sure why it is failing unless the value given is not a valid token, or the account is not open.  The access token is correct or you would get a different error message.

If you would like me to debug, please produce a minimal self-contained example using Roda+Rodauth (no Rails), and example code for submitting requests directly using #call on the Roda application.

> Maybe it would be nice if you could add the endpoints with the parameters needed in the documentation, or maybe I'm not looking for them right.

All of the parameter names are configurable and end in _param, and default values are documented.  For example: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_refresh_rdoc.html

> And how could I customize the login response to include certain profile data, for example?

after_login do
  json_response['foo'] = 'bar' 
end

Thanks,
Jeremy
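
The three queries in the `/jwt-refresh` log above line up with the parts of a refresh token shaped like `1_3_WU...`: account id, key id, key. The sketch below is an added example, not Rodauth's code and not part of the original thread; it models those queries over constructed rows to separate the causes that the thread reports as one `invalid JWT refresh token` error. The row contents, key values, result symbols and the plain string comparison are assumptions.

```ruby
# Constructed sample rows standing in for the two tables named in the log.
REFRESH_KEYS = [
  { account_id: 1, id: 3, key: 'WUexamplekey',  deadline: Time.utc(2021, 5, 19) },
  { account_id: 1, id: 2, key: 'OLDexamplekey', deadline: Time.utc(2021, 5, 1) },
  { account_id: 2, id: 4, key: 'ZZexamplekey',  deadline: Time.utc(2021, 5, 19) }
].freeze
ACCOUNTS = [
  { id: 1, status: 'verified' },
  { id: 2, status: 'unverified' }
].freeze

# Constant-time comparison so the check does not reveal how much of a key matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper: returns :ok, or the first reason the token is rejected.
# Assumes the stored key is compared as-is (no HMAC layer).
def diagnose_refresh_token(token, now:, keys: REFRESH_KEYS, accounts: ACCOUNTS)
  account_id, key_id, key = token.to_s.split('_', 3)
  digits = /\A\d+\z/
  unless digits.match?(account_id) && digits.match?(key_id) && key && !key.empty?
    return :malformed
  end
  aid = account_id.to_i
  kid = key_id.to_i

  # Mirrors: DELETE FROM account_jwt_refresh_keys
  #          WHERE account_id = ? AND CURRENT_TIMESTAMP > deadline
  live = keys.reject { |r| r[:account_id] == aid && now > r[:deadline] }

  # Mirrors: SELECT key FROM account_jwt_refresh_keys WHERE account_id = ? AND id = ?
  row = live.find { |r| r[:account_id] == aid && r[:id] == kid }
  return :no_live_key unless row
  return :key_mismatch unless secure_equal?(row[:key], key)

  # Mirrors: SELECT * FROM accounts WHERE id = ? AND status = 'verified'
  account_open = accounts.any? { |a| a[:id] == aid && a[:status] == 'verified' }
  account_open ? :ok : :account_not_open
end
```

Because expired keys are deleted before the lookup, a refresh token past its deadline is indistinguishable from one that never existed.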