• We are using cutom UI(for front-end) & own middleware to communicate with nodebb API's.

    When the user is logged in, we are using nodebb-write-api to register or login the user into nodebb.

    But any further request from middleware should carry the nodebb logged in user info in the request header by sending the logged-in user token.

    We found some reference from below
    https://github.com/NodeBB/nodebb-plugin-write-api/issues/63

    Please suggest how to get logged in user token, so that we will store that token in middleware session. Any request going through middleware will read the session info to get nodebb logged-in user token & upend to every request header.

  • Global Moderator Plugin & Theme Dev

    Is your custom front end communicating directly to NodeBB through the write API?


  • @pitaj
    No. Custom UI is communicating with our nodeJS middleware application. From our nodeJS middleware application, we are using NodeBB read & write API's.

    Our application requirement is only logged-in users should able to participate in the discussions. To handle the session & secure the NodeBB write & read API's we are routing through our nodeJS middleware.

    Discusion architecture
    We are auto-creating the users in NodeBB when user logged-in to our application with Email & auto-login to NodeBB. So we need login user session details for further APIs to show/hide some of feature like

    1. Can create topic
    2. Can we specific categories
    3. Can reply to post on specific categories

    @rayulu-villa

  • GNU/Linux Admin

    @vinu Hm... there are a couple approaches you can take here.

    1. You can either generate a specific user token for each logged in user, or
    2. You can generate a single master token, and use that with the appropriate _uid parameter for each user, or
    3. You can retrieve the cookie after login.

    It seems like you are trying to do #3, but you probably want to pick one of the first two options.


  • @julian said in Getting logged in user token:

    _uid

    Thanks for the quick response. Really appreciate the way you are responding to the user queries.

    I am using point 2 to generate a token for the logged-in user using the master token.

    curl --location --request POST 'http://localhost:4567/api/v1/users/2/tokens?_uid=2' \
    --header 'Authorization: Bearer 840b285b-dee8-44d9-802d-a2cc0057e3ab' \
    --header 'Authentication: Bearer 840b285b-dee8-44d9-802d-a2cc0057e3ab' \
    

    response

    {
        "code": "ok",
        "payload": {
            "token": "a02c1803-9b8e-444e-892f-fef5d4ac257b"
        }
    }
    

    This is working fine to get the token for a specific user. Once I get the token for the logged-in user, I am using the above response token in the further API request header as below.

    curl --location --request GET 'http://localhost:3002/discussion/category/8?_uid=a02c1803-9b8e-444e-892f-fef5d4ac257b' \
    --header 'Authorization: Bearer a02c1803-9b8e-444e-892f-fef5d4ac257b' \
    --header 'Authentication: Bearer a02c1803-9b8e-444e-892f-fef5d4ac257b' \
    --data-raw ''
    

    But I am getting error as SESSION_EXPIRED(even though the user is logged-in in different browser)

    {
        "id": "app.error",
        "ver": "1.0",
        "ts": "2020-12-30 09:16:22:415+0530",
        "params": {
            "msgid": null,
            "status": "failed",
            "err": "SESSION_EXPIRED",
            "errmsg": "Session Expired"
        },
        "responseCode": "SESSION_EXPIRED",
        "result": {}
    }
    
  • GNU/Linux Admin

    @vinu Ah, you'll want to pass an actual uid into the _uid query parameter, not a user token. I think that's the issue here.

Suggested Topics

| |