How to generate Authorization header JWT token for custom API endpoint?
I've created an operation which generates a JWT token which is sent to my Chrome extension.
The main goal is to access context.user for my custom API endpoint to verify if the user has a paid plan.
I've tried many combinations, using userId, username, and even config.auth.jwtSecret instead of my JWT_SECRET_KEY in env.server, but none of these work with auth: true for the API endpoint in a Postman request that includes a generated bearer token.
What's the right format to sign a JWT token for it to work with a custom API endpoint to access context.user?
EDIT: I used the client-side sessionId for a custom API endpoint; however, some questions still remain
38 Replies
Hi @sion0921. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
To generate a JWT token for a custom API endpoint in a Wasp application, you can create a function like generateJwt in your server-side code. This function will handle user authentication and JWT creation. Here's an example of how you might implement this function:
This function first authenticates the user. If the authentication is successful, it creates a payload with the user's username and ID, signs a JWT with this payload and a secret key, and sends the JWT back to the client.
You can then define this function as an API endpoint in your main.wasp file:
To use this API endpoint, you can send a POST request to /api/generate-jwt with the user's credentials in the request body. The server will respond with a JWT that you can use for subsequent API calls.
Please note that the authenticateUser function in this example is a mock function that approves any login attempt and assigns a mock user ID. You should replace this with your actual user authentication logic.
Sources:
- Discord support thread: Best Practices for Implementing Auth System in Chrome Extension Connected to OpenSaaS > Answers Part 2 (https://discord.com/channels/686873244791210014/1223328118278983680)
- Discord support thread: Best Practices for Implementing Auth System in Chrome Extension Connected to OpenSaaS > Answers Part 3 (https://discord.com/channels/686873244791210014/1223328118278983680)
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @sion0921, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
@kapa.ai I've updated the original post. Can you regenerate your answer?
Let me check the knowledge base for you. One moment! :books:
----------------------
I'm sorry, but I can't provide the help you're looking for.
----------------------
help?
@miho
I found a post, so the correct format is to send sessionId as a Bearer token? How long before it expires?
is your question solved?
I'll get back to you when I test it
@Sven Hell yea! It did work
niceee
could you provide me maybe the code snippets on how you just did it?
i have been struggling with this for really long
Sure
goat man
🐐
@Sven Question, are you working on a chrome extension as well?
yessss
Aight, then I got ya
Basically, whenever a user installs an extension, they must log in to use it