
Add endpoint for validating bearer token

Open eduardoboucas opened this issue 5 years ago • 0 comments

In a scenario where a consumer application is using API to manage user authentication (like Publish), it's likely that bearer tokens will be stored somewhere on a client to act as session tokens. When this happens, it's important to verify with API that the token stored is still valid, allowing the application to redirect users to a sign-in form if not.

Currently, Publish is hitting the /api/client endpoint in order to validate a token, obtaining useful information about the user in the process (killing two birds with one stone kind of thing). However, I wonder if it would be useful to create an endpoint that does nothing but validate an existing token, with the benefit of not having to hit the database at all. This endpoint would simply be validating the JWT and returning an empty response with an appropriate status code.

Useful? Micro-optimisation? 🤷‍♂️

cc @jimlambie

eduardoboucas, Mar 28 '19 10:03
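
One way the validate-only check proposed in this issue could look, as an added example that is not code from the issue or from the API project. It assumes HS256-signed JWTs carrying an `exp` claim; the secret and the names `sign` and `validateToken` are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed secret for the demo; a real deployment loads it from configuration.
const SECRET = 'constructed-demo-secret';

const b64url = (value) => Buffer.from(value).toString('base64url');

// Hypothetical helper that mints sample tokens so the check below can be exercised.
function sign(payload, secret = SECRET, header = { alg: 'HS256', typ: 'JWT' }) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const mac = crypto.createHmac('sha256', secret).update(body).digest('base64url');
  return `${body}.${mac}`;
}

// Returns the status a validate-only endpoint would send with an empty body:
// 204 when signature and expiry check out, 401 otherwise. No database access.
function validateToken(authorizationHeader, nowSeconds = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || '');
  if (!match) return 401;
  const [, h, p, sig] = match;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return 401;
  }
  // Pin the algorithm server-side; never let the token pick it (rejects "none").
  if (!header || header.alg !== 'HS256') return 401;
  const expected = crypto.createHmac('sha256', SECRET).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return 401;
  // Require a numeric expiry; a token without exp would never age out.
  if (!payload || typeof payload.exp !== 'number' || payload.exp <= nowSeconds) return 401;
  return 204;
}
```

A check like this only proves the token was issued by the holder of the secret and has not expired; it cannot see a token or client that was revoked or deleted in the database after issuance, so short expiry times matter more when this path replaces a database lookup.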