Provide a mechanism to get information about the current user: "me" meta link in /jsonapi, and make /jsonapi accessible to all

You need to be able to view user profiles to get info about the user.

Drupal Core HTTP Basic Authentication

Ok, so you're using basic_auth.

That Auth return a cookie with the session and a the following body

But now you're using cookie auth? POSTing to /user/login is for cookie authentication.

@e0ipso: yes, you'd need that permission, but how would you figure out your own user ID? Couldn't JSON API provide a magical /jsonapi/me route, which returns the current user object? (And links to /jsonapi/user/user/<UUID>.)

Once you have the uid of the user you can query JSON API as usual:

https://example.org/jsoanpi/user/user?filter[id][condition][path]=uid&filter[id][condition][value]=12

If you want to do that in a single request, you can use Subrequests.

#7: yes, the DX of that is painful, #2930231: JSON API 403 errors don't tell the user *why* access is not granted: requires deep Drupal understanding to figure out will help with that.

https://example.org/jsoanpi/user/user?filter[id][condition][path]=uid&filter[id][condition][value]=12

Why can't you do

https://example.org/jsoanpi/user/user?filter[uid][value]=12

?

\Drupal\jsonapi\Normalizer\FilterNormalizer::expandItem()'s docs says that should work.

Why can't you do https://example.org/jsoanpi/user/user?filter[uid][value]=12?

You can. If not, that's a bug. I wouldn't read too far into @e0ipso's use of the longer form filter. I think it was just fast typing.

#11: confirmed that that works — thanks 🙂

Hi!
But is it possible to get logged in user's data if we don't know the uid?
Something like "magical `/jsonapi/me` route, which returns the current user object?" as Wim Leers has mentioned?

But is it possible to get logged in user's data if we don't know the uid?

If you know the user's name, you can use that too: /jsonapi/user/user?filter[name][value]=SOME_USER_NAME

But is it possible to get logged in user's data if we don't know the uid? Something like "magical `/jsonapi/me` route, which returns the current user object?" as Wim Leers has mentioned?

Just to give an explicit answer: no, none of those are possible.

OTOH, I think it could be nice to provide a /jsonapi/me URL/route. This seems to be a pretty common request. I don't see a problem with providing that.

Thoughts?

OTOH, I think it could be nice to provide a /jsonapi/me URL/route. This seems to be a pretty common request. I don't see a problem with providing that.

Thoughts?

I would rather see this as either:

1. A sibling of the core routes that already exist with ref links to the JSON API/REST/Other representations of the user entity and some very simple data:

Location: /user/me?_format=json

{
  "name": "gabesullice",
  "uid": 123,
  "uuid": "some-uuid-here",
  "links": {
    "status":  "http://example.com/user/status?_format=json",
    "logout":  "http://example.com/user/logout?_format=json&token={logout_token}",
    "password_reset":  "http://example.com/user/password?_format=json&token={csrf_token}",
    "json":  "http://example.com/entity/user/{user}?_format=json",
    "api_json": "http://example.com/jsonapi/user/user/{some-uuid-here}"
  }
}

2. A link from the JSON API entrypoint to the appropriate individual resource:

Location: /jsonapi

{
  "links": {
    "...",
    "me": "http://example.com/jsonapi/user/user/{some-uuid-here}"
  }
}

1. Two complications: first, it's impossible to generate those URIs generically; second: most of the routes at https://www.drupal.org/node/2720655 are only ever relevant if you're doing cookie authentication.
2. Looks GREAT! I contemplated doing this, but I wasn't sure it made sense, because it'd be unlike all others. That's why I didn't propose it. Isn't that a concern for you?

Looks GREAT! I contemplated doing this, but I wasn't sure it made sense, because it'd be unlike all others. That's why I didn't propose it. Isn't that a concern for you?

I have no concerns with this except for one itty bitty thing, it will preclude a future resource type from being named me. So maybe it should be _me.

Should we put it in the meta (http://jsonapi.org/format/#document-meta) for /jsonapi?

Should we put it in the meta (http://jsonapi.org/format/#document-meta) for /jsonapi?

I like it!

I'm not convinced we should support it.

I've always thought that the /me pattern is an anti-pattern. Decoupled should not be bothered too much with cookie based sessions, since it's restricted to web browsers. Other popular authentication schemes require the consumers to send the ID proof on every request. Why would they need a /me resource they can do a regular query like #15 suggests? Additionally, adding this link plays havoc with cacheability.

If you agree, please set back to Closed. If not retweet move to Needs Work.

I've always thought that the /me pattern is an anti-pattern.

I agree! We should definitely not have a /me resource. That's why I proposed a link from the entry point to the canonical user resource.

I like it because it can provide a single, documentable mechanism to:

1. Get the current user ID (even without making a request)
2. Determine if the user is logged in (the link should disappear for anonymous)

Location: /jsonapi

{
  "meta": {
    "links": {
      "me": "http://example.com/jsonapi/user/user/{some-uuid-here}"
    }
  }
}

Decoupled should not be bothered too much with cookie based sessions

Yes, this can be done with token based auth, but wouldn't it be nice if there was "one true way" regardless of the authentication mechanism? By adding this feature, we allow authentication management to be a completely separate concern from the rest of the application. That lets generic clients be written, which is great for getting started because you can start with basic auth/cookie auth and "graduate" to oauth without needing to change anything else.

Additionally, adding this link plays havoc with cacheability.

Wouldn't this just mean adding the `user` cache context to the entry point? Seems simple enough.

By adding this feature, we allow authentication management to be a completely separate concern from the rest of the application.

This is also for me the reason that I even suggested this in the first place. Well, my suggestion in #17 was bad for the reasons you both cited. But adding a link as @gabesullice described, that solves the problem without the downsides of my #17 suggestion.

+1 to the solution in #24. Sorry I missed it before.

Wouldn't this just mean adding the `user` cache context to the entry point? Seems simple enough.

That's accurate. It's just that I feel better "versioning" a single small resource per-user as opposed to any user based query. That's why I'm happy with your proposal.

That's why I'm happy with your proposal.

Yay! Consensus!

Hurray again for consensus, but this is a new feature, so moving to the 2.x branch :)

Implemented the consensus.

I made one deviation from the consensus so far:

Determine if the user is logged in (the link should disappear for anonymous)

I chose not to do this, because once #2843922: Show label of inaccessible entities ('view' access denied) when 'view label' access is allowed lands, you'll be able to at least read the label (the username) of the anonymous (non-logged-in) user.

I chose not to do this because... you'll be able to at least read the label (the username) of the anonymous (non-logged-in) user.

I don't agree with this change.

Removing the me link didn't have to do with the anonymous user being inaccessible. It was to be the mechanism by which the API could communicate if "you're authenticated/unauthenticated" in a generic way for all authentication types.

As it's implemented now, the client will have to follow the link and then string match "Anonymous" or the UUID of the anonymous user will need to be hardcoded/shared with the client in advance.

I see your point.

“Me” really means “this particular user is *me*”. That is of course not true for the anonymous user: that represents many people.

I’ll reroll.

Let's also remove the access jsonapi resource list permission so that this is accessible to all users. I don't know why that's there anyway, it's just a stumbling block/WTF AFAICT.

Done.

+++ b/src/Controller/EntryPoint.php
@@ -102,23 +102,22 @@ class EntryPoint extends ControllerBase {
+      // The cacheability of the "me" URL is the cacheability of that URL itself
+      // plus the fact that its route parameter depends varies by user.

"The cacheability of the `me` URL depends on the URL itself and the currently authenticated user."

Update test coverage.

Incorporated #39.

Let's also remove the access jsonapi resource list permission so that this is accessible to all users. I don't know why that's there anyway, it's just a stumbling block/WTF AFAICT.

I figured, we'd probably want @e0ipso's approval... so I got it :P

gabesullice [9:58 AM]
@e0ipso, how do you feel about removing `access jsonapi resource list` from 2.x?
AFAICT, it's just a stumbling block
I trip on it every time I install JSON API fresh

e0ipso [9:59 AM]
@gabesullice would you have it open or assigned to an existing permission like `access content`?

gabesullice [9:59 AM]
open

e0ipso [10:16 AM]
@gabesullice I'm good with that

Did it.

#41 looks good to me (except for the attached change), so if @Wim Leers agrees with this, I think this can be committed.

That discloses which resource types exist, which is not really a disclosure at all. I'm fine with that :)

Zero permissions, yay!

OTOH, this does feel out of scope for the current issue. It kind of belongs in a separate issue … unless we change the issue title & scope :P

💥

Still needs CR.

https://www.drupal.org/node/2984034

Published.

👌

There is no need for a "me" route, because it can be created with a view. You can create a Serializer view with a filter for "User: Current (=Yes)". Here is an export of such a view:

uuid: 78a2cc9d-15d3-41cc-b201-2275cdd461b5
langcode: en
status: true
dependencies:
config:
- field.storage.profile.first
- field.storage.profile.last
- field.storage.profile.phone
- field.storage.user.programs
module:
- jsonapi
- orb_prog
- profile
- rest
- serialization
- user
id: user_by_username
label: 'User Data API'
module: views
description: ''
tag: ''
base_table: users_field_data
base_field: uid
core: 8.x
display:
default:
display_plugin: default
id: default
display_title: Master
position: 0
display_options:
access:
type: perm
options:
perm: 'add activity entities'
cache:
type: tag
options: { }
query:
type: views_query
options:
disable_sql_rewrite: false
distinct: true
replica: false
query_comment: ''
query_tags: { }
exposed_form:
type: basic
options:
submit_button: Apply
reset_button: false
reset_button_label: Reset
exposed_sorts_label: 'Sort by'
expose_sort_order: true
sort_asc_label: Asc
sort_desc_label: Desc
pager:
type: mini
options:
items_per_page: 10
offset: 0
id: 0
total_pages: null
expose:
items_per_page: false
items_per_page_label: 'Items per page'
items_per_page_options: '5, 10, 25, 50'
items_per_page_options_all: false
items_per_page_options_all_label: '- All -'
offset: false
offset_label: Offset
tags:
previous: ‹‹
next: ››
style:
type: serializer
row:
type: fields
options:
inline: { }
separator: ''
hide_empty: false
default_field_elements: true
fields:
name:
id: name
table: users_field_data
field: name
relationship: none
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: false
ellipsis: false
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: user_name
settings:
link_to_entity: false
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
entity_type: user
entity_field: name
plugin_id: field
programs:
id: programs
table: user__programs
field: programs
relationship: none
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: target_id
type: entity_reference_entity_id
settings: { }
group_column: target_id
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
plugin_id: field
uuid:
id: uuid
table: users
field: uuid
relationship: none
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: string
settings:
link_to_entity: false
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
entity_type: user
entity_field: uuid
plugin_id: field
uuid_1:
id: uuid_1
table: orb_program
field: uuid
relationship: programs
group_type: group
admin_label: prog_uuid
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: string
settings:
link_to_entity: false
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
entity_type: orb_program
entity_field: uuid
plugin_id: field
phone:
id: phone
table: profile__phone
field: phone
relationship: profile
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: string
settings:
link_to_entity: false
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
plugin_id: field
uuid_2:
id: uuid_2
table: profile
field: uuid
relationship: profile
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: string
settings:
link_to_entity: false
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
entity_type: profile
entity_field: uuid
plugin_id: field
mail:
id: mail
table: users_field_data
field: mail
relationship: none
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: email_mailto
settings: { }
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
entity_type: user
entity_field: mail
plugin_id: field
first:
id: first
table: profile__first
field: first
relationship: profile
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: string
settings:
link_to_entity: false
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
plugin_id: field
last:
id: last
table: profile__last
field: last
relationship: profile
group_type: group
admin_label: ''
label: ''
exclude: false
alter:
alter_text: false
text: ''
make_link: false
path: ''
absolute: false
external: false
replace_spaces: false
path_case: none
trim_whitespace: false
alt: ''
rel: ''
link_class: ''
prefix: ''
suffix: ''
target: ''
nl2br: false
max_length: 0
word_boundary: true
ellipsis: true
more_link: false
more_link_text: ''
more_link_path: ''
strip_tags: false
trim: false
preserve_tags: ''
html: false
element_type: ''
element_class: ''
element_label_type: ''
element_label_class: ''
element_label_colon: false
element_wrapper_type: ''
element_wrapper_class: ''
element_default_classes: true
empty: ''
hide_empty: false
empty_zero: false
hide_alter_empty: true
click_sort_column: value
type: string
settings:
link_to_entity: false
group_column: value
group_columns: { }
group_rows: true
delta_limit: 0
delta_offset: 0
delta_reversed: false
delta_first_last: false
multi_type: separator
separator: ', '
field_api_classes: false
plugin_id: field
filters:
uid_current:
id: uid_current
table: users
field: uid_current
relationship: none
group_type: group
admin_label: ''
operator: '='
value: '1'
group: 1
exposed: false
expose:
operator_id: ''
label: ''
description: ''
use_operator: false
operator: ''
identifier: ''
required: false
remember: false
multiple: false
remember_roles:
authenticated: authenticated
is_grouped: false
group_info:
label: ''
description: ''
identifier: ''
optional: true
widget: select
multiple: false
remember: false
default_group: All
default_group_multiple: { }
group_items: { }
entity_type: user
plugin_id: user_current
sorts: { }
header: { }
footer: { }
empty: { }
relationships:
programs:
id: programs
table: user__programs
field: programs
relationship: none
group_type: group
admin_label: Program
required: false
plugin_id: standard
profile:
id: profile
table: users_field_data
field: profile
relationship: none
group_type: group
admin_label: Profile
required: false
entity_type: user
plugin_id: standard
uid:
id: uid
table: profile
field: uid
relationship: profile
group_type: group
admin_label: User
required: false
entity_type: profile
entity_field: uid
plugin_id: standard
arguments:
mail:
id: mail
table: users_field_data
field: mail
relationship: none
group_type: group
admin_label: ''
default_action: default
exception:
value: all
title_enable: false
title: All
title_enable: false
title: ''
default_argument_type: raw
default_argument_options:
index: 2
use_alias: false
default_argument_skip_url: false
summary_options:
base_path: ''
count: true
items_per_page: 25
override: false
summary:
sort_order: asc
number_of_records: 0
format: default_summary
specify_validation: false
validate:
type: none
fail: 'not found'
validate_options: { }
glossary: false
limit: 0
case: none
path_case: none
transform_dash: false
break_phrase: false
entity_type: user
entity_field: mail
plugin_id: string
display_extenders: { }
filter_groups:
operator: AND
groups:
1: AND
cache_metadata:
max-age: -1
contexts:
- 'languages:language_content'
- 'languages:language_interface'
- request_format
- url
- url.query_args
- user
- user.permissions
tags:
- 'config:field.storage.profile.first'
- 'config:field.storage.profile.last'
- 'config:field.storage.profile.phone'
- 'config:field.storage.user.programs'
rest_export_1:
display_plugin: rest_export
id: rest_export_1
display_title: 'by Username'
position: 1
display_options:
display_extenders: { }
path: views/user_name
pager:
type: none
options:
offset: 0
style:
type: serializer
options:
uses_fields: false
formats:
api_json: api_json
json: json
row:
type: data_field
options:
field_options:
name:
alias: name
raw_output: true
programs:
alias: programs
raw_output: true
uuid:
alias: programs_uuid
raw_output: true
uuid_1:
alias: user_uuid
raw_output: true
phone:
alias: phone
raw_output: true
uuid_2:
alias: profile_uuid
raw_output: true
mail:
alias: email
raw_output: true
first:
alias: first
raw_output: true
last:
alias: last
raw_output: true
display_description: ''
arguments:
name:
id: name
table: users_field_data
field: name
relationship: none
group_type: group
admin_label: ''
default_action: default
exception:
value: all
title_enable: false
title: All
title_enable: false
title: ''
default_argument_type: raw
default_argument_options:
index: 2
use_alias: false
default_argument_skip_url: false
summary_options:
base_path: ''
count: true
items_per_page: 25
override: false
summary:
sort_order: asc
number_of_records: 0
format: default_summary
specify_validation: false
validate:
type: none
fail: 'not found'
validate_options: { }
glossary: false
limit: 0
case: none
path_case: none
transform_dash: false
break_phrase: false
entity_type: user
entity_field: name
plugin_id: string
defaults:
arguments: false
auth: { }
cache_metadata:
max-age: -1
contexts:
- 'languages:language_content'
- 'languages:language_interface'
- request_format
- url
- user
- user.permissions
tags:
- 'config:field.storage.profile.first'
- 'config:field.storage.profile.last'
- 'config:field.storage.profile.phone'
- 'config:field.storage.user.programs'
rest_export_2:
display_plugin: rest_export
id: rest_export_2
display_title: 'by Email'
position: 1
display_options:
display_extenders: { }
path: views/user_email
pager:
type: none
options:
offset: 0
style:
type: serializer
options:
uses_fields: false
formats:
api_json: api_json
json: json
row:
type: data_field
options:
field_options:
name:
alias: name
raw_output: true
programs:
alias: programs
raw_output: true
uuid:
alias: programs_uuid
raw_output: true
uuid_1:
alias: user_uuid
raw_output: true
phone:
alias: phone
raw_output: true
uuid_2:
alias: profile_uuid
raw_output: true
mail:
alias: email
raw_output: true
first:
alias: first
raw_output: true
last:
alias: last
raw_output: true
display_description: ''
cache_metadata:
max-age: -1
contexts:
- 'languages:language_content'
- 'languages:language_interface'
- request_format
- url
- user
- user.permissions
tags:
- 'config:field.storage.profile.first'
- 'config:field.storage.profile.last'
- 'config:field.storage.profile.phone'
- 'config:field.storage.user.programs'

Amazing, really useful!
Using oauth, the way we proceeded was doing /oauth/debug?_format=json and use the user id this provides to filter as suggested above by e0ipso. This will make it much easier though.

(For drupal 7 had to read the core committers' discussions from ages ago, for Drupal 8 watching it unfold is amazingly interesting :D )

@littletiger: Thanks, that's wonderful to hear! ❤️

CR exists, and the follow-up now has a patch too: #3002646-5: Follow-up to #2927037: Add test coverage for `meta.links.me` when a user is authenticated.