A route group named api, with middleware('auth:api'), and inside the group, my REST routes
Thanks, but I'm not there yet. Please indulge me.
I want API auth for my REST interface, for users that have provided a valid username and password.
After confirming a user's credentials exist, I want to give them a token which they are supposed to send back on every request, enabling them to access the REST API.
How should I go about that with regard to AdonisJS, and what's the better approach?
I already have
A route that responds with a form for login,
A post route that should handle the credentials from the login
A route group called api with middleware('auth:api') and inside the group, my rest routes
Okay, you should render a login form where a user will enter their credentials and if their credentials are correct, you will return a response with the API token or JWT token, and then they can make use of that token for future requests.
JWT tokens are not stored. Read more about JWT on the official page. JWT tokens are created with user information on the token payload, and an expiration date. You then set that token to the front end as a cookie OR on the payload and save it on localStorage. If you want to check which user that token belongs to, you can encode the token with some user specific data and decode it and you will get that user's data.
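The login-then-token flow discussed in this thread, as an added example that is not part of the original posts and is not AdonisJS's own API: an HS256 JWT is issued after the credential check and validated on each API request using only Node's built-in crypto module. The names `issueToken`, `verifyBearer` and `SECRET` are hypothetical, and the secret is a constructed value.

```javascript
// Added example (not from the thread, not AdonisJS code).
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed demo value; a real deployment would load this from app config.
const SECRET = 'constructed-demo-secret';

const b64url = (text) => Buffer.from(text).toString('base64url');

// The algorithm is fixed server-side; it is never taken from the token header.
function sign(data) {
  return createHmac('sha256', SECRET).update(data).digest('base64url');
}

// Login POST handler calls this only after the username/password check passes.
function issueToken(userId, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Runs on every API request against the Authorization header value.
// Returns the claims, or null if the token is malformed, forged or expired.
function verifyBearer(authorizationHeader, now = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || '');
  if (!match) return null;
  const [, header, payload, signature] = match;

  // Check the signature BEFORE trusting anything in the payload:
  // the payload is only base64url-encoded, so anyone can read or rewrite it.
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(signature);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch {
    return null;
  }
  // The token is not stored server-side, so expiry is enforced from the claim.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}
```

Because the payload is readable by whoever holds the token, it should carry an identifier such as the user id and nothing secret.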