This project is not covered by Drupal’s security advisory policy.
JSON Web Tokens (JWT) are commonly used for authentication to routes, services, and resources. They are digitally signed, so the information they carry can be verified and trusted by the recipient. Using JWTs instead of sessions (cookies) is considered a more modern approach to authentication.
Drupal can be used in a decoupled manner as a backend, communicating with the front end via RESTful services. That is where JWTs come into the picture. Mobile apps, as well as modern front-end frameworks like Angular and React, are better off with JWTs.
When someone logs in, Drupal returns the following response:
{
  "current_user": {
    "uid": "1",
    "name": "admin"
  },
  "csrf_token": "UlGb7fak5ZS-r1BRistBh4IWLm_Z7F1xMpY3KYTGqcU",
  "logout_token": "7AvbnHgr9iDxIDVertHTI3PMX2-Shd6sjuN8hNHrHv8F"
}
As you can see, there is no JWT in the response. After enabling the JWT module and configuring it to authenticate requests to REST resources in Drupal, one can obtain the user's JWT by visiting /jwt/token. The problem is that you must already be "logged in" to access that page, and you are required to use cookies to make a successful connection to this route.
This module simply changes the login response, adding an access token (the JWT) to it.
The module is mainly based on deepanker_bhalla's code.
-INSTALLATION-
You can install and enable this module like any other module.
-USAGE-
There is no configuration page for now. When you enable the module, the only difference is:
When you log in via RESTful services (https://your-drupal-site/user/login?_format=json), the response from the Drupal back end is altered to include "access_token". You will get something like:
{
  "current_user": {
    "uid": "1",
    "name": "admin"
  },
  "csrf_token": "UlGb7fak5ZS-r1BRistBh4IWLm_Z7F1xMpY3KYTGqcU",
  "logout_token": "7AvbnHgr9iDxIDVertHTI3PMX2-Shd6sjuN8hNHrHv8F",
  "access_token": "eyJ0eXAiOiJKV1QiLDJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1NDg2NzA3NDUsImV4cCI6MTU0ODY3NDM0NSwiZHJ1cGAsIjp7InVpZCI6IjYifX0.cnG6atSLYrRh6D05LZg9RwrJJdYoJfTBXTUZboPhJH3lYf640FmQTkJwwy9E8kg7ot59qyb5qtgIewM3R1KCDw"
}
Here, access_token is the JWT. You can make subsequent requests using this token. For example, if you GET https://your-drupal-site/user/login_status?_format=json with a valid token:
GET /user/login_status?_format=json HTTP/1.1
Host: your-drupal-site
Content-type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLDJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1NDg2NzA3NDUsImV4cCI6MTU0ODY3NDM0NSwiZHJ1cGAsIjp7InVpZCI6IjYifX0.cnG6atSLYrRh6D05LZg9RwrJJdYoJfTBXTUZboPhJH3lYf640FmQTkJwwy9E8kg7ot59qyb5qtgIewM3R1KCDw
cache-control: no-cache
You will see that it returns 1.
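The client side of the flow above, as an added example (not code from this module or from the JWT module): it takes the altered login response, inspects the token's claims, refuses a missing, malformed or expired token, and builds the Bearer request to /user/login_status. The function names, the sample response and the claim layout (iat, exp, drupal.uid) are assumptions, and the sample token is constructed with a dummy signature.

```javascript
// Added example: client-side handling of the altered login response.
// Decoding a JWT is NOT verification. Only the Drupal back end, which holds
// the signing key, can verify the signature; the payload is readable by anyone.

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error('segment is not base64url');
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Split the token and return its header and claims without trusting them.
function inspectToken(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return { header: decodeSegment(parts[0]), claims: decodeSegment(parts[1]) };
}

// Build the follow-up request from the login response, refusing tokens that
// are missing, malformed or expired (nowSec is injectable for testing).
function loginStatusRequest(loginResponse, nowSec = Math.floor(Date.now() / 1000)) {
  const token = loginResponse && loginResponse.access_token;
  if (typeof token !== 'string') throw new Error('login response has no access_token');
  const { claims } = inspectToken(token);
  if (!Number.isInteger(claims.exp) || claims.exp <= nowSec) throw new Error('token expired');
  return {
    method: 'GET',
    path: '/user/login_status?_format=json',
    headers: { Authorization: `Bearer ${token}` },
    secondsLeft: claims.exp - nowSec,        // when to log in again
    uid: claims.drupal && claims.drupal.uid, // assumed claim layout
  };
}

// Constructed sample login response; the signature segment is a dummy value.
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleLogin = {
  current_user: { uid: '6', name: 'editor' },
  access_token: [
    enc({ typ: 'JWT', alg: 'HS512' }),
    enc({ iat: 1700000000, exp: 1700003600, drupal: { uid: '6' } }),
    'c2ln',
  ].join('.'),
};

const req = loginStatusRequest(sampleLogin, 1700000100);
console.log(req.method, req.path, 'uid', req.uid, 'seconds left', req.secondsLeft);
```

Because the claims are only base64url-encoded, anything placed in the token is visible to whoever holds it, and the expiry check here only saves a round trip: the back end still decides whether the token is valid.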
Project information
- Minimally maintained: maintainers monitor issues, but fast responses are not guaranteed.
- Maintenance fixes only: considered feature-complete by its maintainers.
- Project categories: Decoupled, Security, Integrations
- 309 sites report using this module
- Created by salihcenap on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
