Developer forum

Forum » CMS - Standard features » /dwapi/users/authenticate returns token but doesn't save it in DB and it doesn't work?

/dwapi/users/authenticate returns token but doesn't save it in DB and it doesn't work?

E-mail notifications
Kevin Steffer
Kevin Steffer
Reply
Posted on 24/04/2023 21:12:30

I have just created a new DW 9.15.3 solution.

1. Created a user
2. Send GET Requests to /dwapi/users/authenticate?userName=<the users username>&password=<the users password>&expirationInSeconds=1800
3. I get a token in return
4. When I want to get the token via Dynamicweb.Security.Tokens.TokenService.GetToken(token) it returns null
5. Found out that the token is not registeret in AccessUserTokens table
6. If I register my token manually in the AccessUserTokens table then Dynamicweb.Security.Tokens.TokenService.GetToken(token) it returns my Token object.

Do I have to enable something for this to work?


Replies

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 25/04/2023 13:55:35
Reply
This post has been marked as an answer

Hi Kevin

It is not the same tokens.

The Dynamicweb.Security.Tokens.TokenService is related to the Dynamicweb APP for dashboards - see https://doc.dynamicweb.com/documentation-9/platform/platform-tools/dashboards#sideNavTitle1-2
The tokens created with this service do not expire and is an app access token for retrieving content from the backend into the app. (Used as a 'Token' header in the requst)

When using the Webapi, you get a JWT token which is a claims token with an expiration - see https://jwt.io/ (Used as a 'bearer' token in the request

If you want to create a JWT token serverside for calls to the webapi client side, you need to use the JwtService in the Dynamicweb.Ecommerce.WebAPI.Controllers dll - see https://doc.dynamicweb.com/forum/dynamicweb-10/dynamicweb-10/dw-api-dwapi-ecommerce-carts-secret-returning-that-current-user-does-not-have-access-to-cart#Reply86971

There are some significant differences in security between these 2.

BR Nicolai

Votes for this answer: 1
 
Kevin Steffer
Kevin Steffer
Posted on 25/04/2023 15:47:25
Reply

Awesome, thanks!

 

You must be logged in to post in the forum