Module Description
JSON Web Tokens (JWT) are commonly used for authentication to routes, services, and resources. They are digitally signed, which enables secure transmission of information that is verified and trusted. Using JWTs instead of sessions (cookies) is considered as a more modern approach to authentication.
Drupal can be used -in a decoupled manner- as a backend, communicating with the front-end via restful services. That is where JWTs come into the picture. Mobile apps as well as modern front-end frameworks like angular and react are better off with JWTs.
When someone logs in Drupal returns the following response:
{ "current_user": { "uid": "1", "name": "admin" }, "csrf_token": "UlGb7fak5ZS-r1BRistBh4IWLm_Z7F1xMpY3KYTGqcU", "logout_token": "7AvbnHgr9iDxIDVertHTI3PMX2-Shd6sjuN8hNHrHv8F" } As you see JWT token is not there. After enabling the JWT module. and configuring it to authenticate requests to REST resources in Drupal, one can access the user JWT token by visiting /jwt/token. But the problem is you need to be already "logged in" to access that page and you are required to use cookies to make a successfull connection to this route.
This module simply changes the login response, adding access token (JWT) to login response.
The module is mainly based on deepanker_bhalla's code.
-INSTALLATION-
You can install and enable this module like any other module.
-USAGE-
There is no configuration page for now. When you enable the module only difference you get is:
When you login via restful services (https://your-drupal-site/user/login?_format=json), the response coming from Drupal back-end will be altered to include "access_token". You'll be getting something like:
{ "current_user": { "uid": "1", "name": "admin" }, "csrf_token": "UlGb7fak5ZS-r1BRistBh4IWLm_Z7F1xMpY3KYTGqcU", "logout_token": "7AvbnHgr9iDxIDVertHTI3PMX2-Shd6sjuN8hNHrHv8F", "access_token": "eyJ0eXAiOiJKV1QiLDJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1NDg2NzA3NDUsImV4cCI6MTU0ODY3NDM0NSwiZHJ1cGAsIjp7InVpZCI6IjYifX0.cnG6atSLYrRh6D05LZg9RwrJJdYoJfTBXTUZboPhJH3lYf640FmQTkJwwy9E8kg7ot59qyb5qtgIewM3R1KCDw" } access_token here is the JWT. You can make subsequent requests using this token. For example if you GET https://your-drupal-site/user/login_status?_format=json with a valid token:
GET /user/login_status?_format=json HTTP/1.1 Host: your-drupal-site Content-type: application/json Authorization: Bearer eyJ0eXAiOiJKV1QiLDJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1NDg2NzA3NDUsImV4cCI6MTU0ODY3NDM0NSwiZHJ1cGAsIjp7InVpZCI6IjYifX0.cnG6atSLYrRh6D05LZg9RwrJJdYoJfTBXTUZboPhJH3lYf640FmQTkJwwy9E8kg7ot59qyb5qtgIewM3R1KCDw cache-control: no-cache You will see it returns 1
Drupal can be used -in a decoupled manner- as a backend, communicating with the front-end via restful services. That is where JWTs come into the picture. Mobile apps as well as modern front-end frameworks like angular and react are better off with JWTs.
When someone logs in Drupal returns the following response:
{ "current_user": { "uid": "1", "name": "admin" }, "csrf_token": "UlGb7fak5ZS-r1BRistBh4IWLm_Z7F1xMpY3KYTGqcU", "logout_token": "7AvbnHgr9iDxIDVertHTI3PMX2-Shd6sjuN8hNHrHv8F" } As you see JWT token is not there. After enabling the JWT module. and configuring it to authenticate requests to REST resources in Drupal, one can access the user JWT token by visiting /jwt/token. But the problem is you need to be already "logged in" to access that page and you are required to use cookies to make a successfull connection to this route.
This module simply changes the login response, adding access token (JWT) to login response.
The module is mainly based on deepanker_bhalla's code.
-INSTALLATION-
You can install and enable this module like any other module.
-USAGE-
There is no configuration page for now. When you enable the module only difference you get is:
When you login via restful services (https://your-drupal-site/user/login?_format=json), the response coming from Drupal back-end will be altered to include "access_token". You'll be getting something like:
{ "current_user": { "uid": "1", "name": "admin" }, "csrf_token": "UlGb7fak5ZS-r1BRistBh4IWLm_Z7F1xMpY3KYTGqcU", "logout_token": "7AvbnHgr9iDxIDVertHTI3PMX2-Shd6sjuN8hNHrHv8F", "access_token": "eyJ0eXAiOiJKV1QiLDJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1NDg2NzA3NDUsImV4cCI6MTU0ODY3NDM0NSwiZHJ1cGAsIjp7InVpZCI6IjYifX0.cnG6atSLYrRh6D05LZg9RwrJJdYoJfTBXTUZboPhJH3lYf640FmQTkJwwy9E8kg7ot59qyb5qtgIewM3R1KCDw" } access_token here is the JWT. You can make subsequent requests using this token. For example if you GET https://your-drupal-site/user/login_status?_format=json with a valid token:
GET /user/login_status?_format=json HTTP/1.1 Host: your-drupal-site Content-type: application/json Authorization: Bearer eyJ0eXAiOiJKV1QiLDJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1NDg2NzA3NDUsImV4cCI6MTU0ODY3NDM0NSwiZHJ1cGAsIjp7InVpZCI6IjYifX0.cnG6atSLYrRh6D05LZg9RwrJJdYoJfTBXTUZboPhJH3lYf640FmQTkJwwy9E8kg7ot59qyb5qtgIewM3R1KCDw cache-control: no-cache You will see it returns 1
Module Link
Project Usage
434
Security Covered
Not Covered By Security Advisory
Version Available
Production
Module Summary
This module adds JWT access token to the login response in Drupal REST services.
Data Name
getjwtonlogin
OPENAI CHATBOT
OPENAI CHATBOT
