
Are there any plans to support JWT tokens?

Open berdyshev opened this issue 7 years ago • 5 comments

I think JWT could be a nice choice for simple apps where only a web app and a backend exist, since it suggests a simpler way to authorize front-end requests to the backend.

Are there any plans to provide this type of authorization?

berdyshev, Jun 21 '17 19:06

I think you're asking for support for the OAuth2 Client Credentials grant? See http://oauth2.thephpleague.com/authorization-server/client-credentials-grant/. Please confirm, to ensure I'm not misinterpreting.

wimleers, Jun 22 '17 09:06

Yes, but I'm about to use JWT tokens without an OAuth server, which is simpler. The user logs in with username/password, the server generates a token based on JSON Web Token rules and returns it to the frontend. Then the frontend sends all API requests with an Authorization: Bearer ${TOKEN} header. From my point of view it's almost the same, as JWT is just a standard for generating tokens, but using it standalone just removes a bit of complexity from a simple application.

Here is a module which already provides JWT token generation for a logged-in user: https://drupal.org/project/jwt

berdyshev, Jun 22 '17 10:06

Thanks for clarifying!

Paging @e0ipso (https://www.drupal.org/project/simple_oauth maintainer) and @gabesullice (https://www.drupal.org/project/jwt maintainer), to get their thoughts.

wimleers, Jun 22 '17 11:06

From our discussion at DrupalCon we agreed that: if you want to generate your access tokens outside of Drupal, you want JWT. If your ID management service is Drupal, you want Simple OAuth 2.x (which comes with customizable JWTs).

e0ipso, Jun 22 '17 13:06

I don't know what the motivation for such a decision was. I suppose for full-featured solutions (distributions) it's reasonable, but IMHO, for small projects it could be overkill.

You can find a comparison and arguments for both of these approaches in this thread (they talk about the Laravel packages, but the idea is the same).

PS: I understand that, most likely, this won't be part of this distribution, because it focuses on a universal solution. So maybe this thread could be closed if there are no new thoughts.

berdyshev, Jun 27 '17 09:06