Use access_token authentication method #31
Comments
Just saw #16 so closing.
@vanling You are right, this does not solve the problem. I will reopen this issue.
I have done some more research and you are correct, this request is to use the stand-alone user token not JWT. You can append a query string ?access_token to each request but a way to add the Authorization Bearer header would be better IMO.
This indeed would be a nice feature to have an option to send the token through headers instead of the querystring.
https://docs.directus.io/reference/authentication/#login According to the Directus documentation, the login endpoint does not accept a token.
@Intevel It's not so much for user authentication but for API access via a static token you can set per user. Would love to be able to add a token in the nuxt config.
And the idea is that the token would be used in an Authorization Bearer header for every request. For example, I create a user in Directus called "api_application" and give that user a static access token. Now I can make specific data available to the public for a single application. extra info:
@vanling I would say that we add to the At the setup of the module the options are merged with the public runtime config, the token would be revealed.
Related to #27
It would be ok to reveal the token to public if that's the choice of the developer. Would just need to be clear in the documentation that this would be the case. I create tokens with restricted read/write access for different websites that use the same directus api/instance. This way I can block an application by removing a key and also see which application has written data into the api. Directus SDK example: https://docs.directus.io/reference/sdk/#with-static-tokens
@craigharman What do you think about this?
I agree it should be a developer choice. @vanling's use case for the token will work, although as per the Directus documentation the long-lived tokens are more designed for server-to-server communication where the token can be stored without exposing it to the client.
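The header-based approach discussed in the comments above, as an added example that is not part of this issue or of the module's code: it sends a Directus static token as an `Authorization: Bearer` header, strips any `access_token` query parameter, and makes client-side exposure an explicit opt-in. The function names, the host `directus.example.com`, the `articles` collection and the token value are assumptions made for illustration.

```javascript
// Added illustration; function names, host, collection and token are constructed.

// Describe a Directus request that carries a static token in the
// Authorization header and never in the ?access_token= query string.
function buildDirectusRequest(baseUrl, path, staticToken, query = {}) {
  if (typeof staticToken !== 'string' || staticToken.trim() === '') {
    throw new TypeError('static token must be a non-empty string');
  }
  if (/[\r\n]/.test(staticToken)) {
    throw new TypeError('static token must not contain line breaks');
  }
  const url = new URL(path, baseUrl);
  for (const [key, value] of Object.entries(query)) {
    url.searchParams.set(key, String(value));
  }
  // Drop a token passed via `query` or already embedded in `path`, so it
  // cannot end up in access logs, browser history or Referer headers.
  url.searchParams.delete('access_token');
  return { url: url.toString(), headers: { Authorization: `Bearer ${staticToken}` } };
}

// Exposing the token to the client is an explicit opt-in, not a default.
function assertTokenPlacement(allowClient = false) {
  if (typeof window !== 'undefined' && !allowClient) {
    throw new Error('static token would be exposed to the browser');
  }
}

async function directusFetch(baseUrl, path, staticToken, options = {}) {
  assertTokenPlacement(options.allowClient);
  const { url, headers } = buildDirectusRequest(baseUrl, path, staticToken, options.query);
  const res = await fetch(url, { headers });
  if (!res.ok) throw new Error(`Directus responded with HTTP ${res.status}`);
  return res.json();
}
```

A token that is allowed to reach the browser should belong to a Directus user restricted to the data that application needs, as described in the thread, since anyone loading the page can read it.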
Is your feature request related to a problem? Please describe.
You currently can't use the Directus access token method to authenticate to the API.
I.e. I share the "token" from the User > Admin Settings section and provide that in the Query String or the Authorization Bearer header.
Describe the solution you'd like
login should accept a {"token" OR { email: string, password: string }