- 🇲🇪Montenegro Dmitriy.trt
An updated version of the #29 patch is attached. It should be compatible with both Drupal 9 & 10.
Considering questions of #26, it requires some changes. And, it would be nice to have tests for the feature it adds. Unfortunately, I don't have time for it at the moment.
- 🇬🇧United Kingdom alexpott 🇪🇺🌍
It would be great if this functionality was rolled into the JWT module. I've got a client site using https://www.drupal.org/project/getjwtonlogin → for this functionality but it definitely feels as though it belongs in the JWT module. I'm going to add tests and try to implement #26.
I will also add test coverage.
There's one more thing that this issue opens up. There are questions about session. If you use user.login.http a session will be generated when you log in. However if you only use the bearer token you've been given for authentication then the session will not be maintained as sessions in Drupal work via cookies. A cookie will be returned on the login request but you'll need to extract it and use it in your app which feels like a duplication of the work being done for the bearer token.
Therefore I think we should do two things:
1. Make the creation of session configurable
2. Make it possible to use the bearer token for session.Given that these are existing issues I propose that we address this on follow-up. That said, I do have some concerns that making the creation of session configurable will necessitate significant changes to the approach of decorating the user.login.http using the response event.
- last update
4 months ago 13 pass - last update
4 months ago 14 pass - last update
4 months ago 14 pass - last update
4 months ago 14 pass - Status changed to Needs review
4 months ago 5:05pm 19 February 2024 - 🇬🇧United Kingdom alexpott 🇪🇺🌍
Updating the issue summary to outline the more recent solution.
- last update
4 months ago 14 pass - Status changed to Needs work
4 months ago 3:50pm 28 February 2024 - last update
4 months ago 14 pass - last update
4 months ago 14 pass - Status changed to Needs review
4 months ago 5:51pm 29 February 2024 - 🇬🇧United Kingdom alexpott 🇪🇺🌍
I've addressed @pwolanin's feedback and also opened a core issue to make this easier - see ✨ Allow modules to alter the user.login.http response data without having to re-serialize the data Active
- last update
4 months ago 14 pass - last update
4 months ago 14 pass - last update
4 months ago 14 pass - last update
4 months ago 14 pass I tested this with a SimplyTest.me site and Postman. I was able to POST to user/login?_format=json and see
access_tokenin the response, and I was able to use that as a Bearer token to GET restricted content for /jsonapi/node/recipe.- Status changed to RTBC
4 months ago 3:04pm 15 March 2024 -
pwolanin →
committed b9fec633 on 2.x authored by
alexpott →
Issue #2957273 by alexpott, ndrake86, mmbk, Dmitriy.trt, edisch,...
-
pwolanin →
committed b9fec633 on 2.x authored by
alexpott →
- Status changed to Fixed
4 months ago 3:18pm 15 March 2024 - 🇮🇳India rituraj.gupta Pune
HI @myavorsky,
How did you resolve this issue? Could you please explain in detail?
Thanks,
Ritu Raj Automatically closed - issue fixed for 2 weeks with no activity.