Access admin panel through link with token

[guillermodoghel]

Depending the user role, I have an admin panel link in my frontend. But due its in another host, admin user needs to login again. I would love to have a way to access de admin panel via an href, something like http://localhost:1337/admin/?login=asdfasdfasdf.... that allows me to enter directly into the admin panel without need to re-login

What is the expected behavior?

Given a route to the admin panel, allow to login using the JWT token as a parameter. (asuming I got the token from the login request from the API)
IE: http://localhost:1337/admin/?login=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaWF0IjoxNTMwMDIwMzkxLCJleHAiOjE1MzI2MTIzOTF9.9FDMq7GCSjf4ZGRnHQX-uZsf73YGQmAo_TpRYbI6RbA

Gets me into de admin page without having to login

[derrickmehaffy]

@guillermodoghel can you update this with the proper template (it looks like a feature request)

[guillermodoghel]

I've resolved this by doing the following aberrant workarround

On my frontend app I created an href that looks like

STRPI_PATH + '/admin/?login=' +
              encodeURIComponent(JSON.stringify({token:getToken(),user:getUser()}))

where getToken() and getUser() are the admin jwt and user object returned in login.

On the strapi side, in ./admin/admin/src/containers/AdminPage.indexjs
in the begnining of componentDidMount() { I added this code

    if(this.props.location.search.includes('?login=')){
      let loginstuff = JSON.parse(decodeURIComponent(this.props.location.search.slice(7)));
      auth.setToken(loginstuff.token);
      auth.setUserInfo(loginstuff.user);
    }

I think there are way more "correct" ways of doing it.
The ideal thing would be to only send the jwt token as a parameter, but when I tried to only do auth.setToken, I could access the admin panel, but it worked super weird (the username wasnt loaded, and half of functionalities wont work)

Is there any way, from inside the admin, to get the user object with the jwt token as an input parameter?

user object -> {"username":"admin","id":1,"email":"test@sometek.ws","provider":"local","role":{"id":1,"name":"Administrator","description":"These users have all access in the project.","type":"root"}}

[lauriejim]

@guillermodoghel Feel free to submit a PR to share your work with the Strapi community

[guillermodoghel]

Im currently working on a better approach for this.
So far, I found that:

strapi.plugins['users-permissions'].services.jwt.verify()
decodes the token and gives me the user id, with that I just query for the user and voila!

So the steps would be:

1 create a route in user-permisions that with the token, returns the user json
2 enable that route for public
3
option a: in user-permisions front end create a route to handle the request, call user-permisions backend, do the localstore set of user and token, and forward to admin

option b: keep the this.props.location.search in ./admin/admin/src/containers/AdminPage/index.js, call user-permisions backend, do the localstore set of user and token, and forward to admin

[Aurelsicoko]

I'm closing this issue because we will change our way of handling administrators and users. Currently, there is one collection/table for both. We will create a true administrator system. So this feature won't make sense anymore or the approach will be different.

Feel free to continue the discussion and ping me if needed.