/dwapi/users/authenticate returns token but doesn't save it in DB and it doesn't work?

Kevin Steffer

I have just created a new DW 9.15.3 solution.

1. Created a user
2. Send GET Requests to /dwapi/users/authenticate?userName=<the users username>&password=<the users password>&expirationInSeconds=1800
3. I get a token in return
4. When I want to get the token via Dynamicweb.Security.Tokens.TokenService.GetToken(token) it returns null
5. Found out that the token is not registered in AccessUserTokens table
6. If I register my token manually in the AccessUserTokens table then Dynamicweb.Security.Tokens.TokenService.GetToken(token) returns my Token object.

Do I have to enable something for this to work?


Replies

Nicolai Pedersen Dynamicweb Employee
This post has been marked as an answer

Hi Kevin

It is not the same tokens.

The Dynamicweb.Security.Tokens.TokenService is related to the Dynamicweb APP for dashboards - see https://doc.dynamicweb.com/documentation-9/platform/platform-tools/dashboards#sideNavTitle1-2
The tokens created with this service do not expire and are app access tokens for retrieving content from the backend into the app. (Used as a 'Token' header in the request)

When using the Webapi, you get a JWT token which is a claims token with an expiration - see https://jwt.io/ (Used as a 'bearer' token in the request)

If you want to create a JWT token serverside for calls to the webapi client side, you need to use the JwtService in the Dynamicweb.Ecommerce.WebAPI.Controllers dll - see https://doc.dynamicweb.com/forum/dynamicweb-10/dynamicweb-10/dw-api-dwapi-ecommerce-carts-secret-returning-that-current-user-does-not-have-access-to-cart#Reply86971

There are some significant differences in security between these 2.

BR Nicolai

Votes for this answer: 1
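
The distinction drawn in the answer above, as an added example that is not part of the original thread and is not Dynamicweb code: a Node.js helper that tells a JWT from an opaque token, reads the JWT's expiry, and picks the request header the answer describes. The function names, the sample claims and the opaque token value used with it are constructed for illustration.

```javascript
// Added example, not Dynamicweb code. Decodes only: it does NOT verify the
// signature, so use it for inspection, never for authorization decisions.

function toB64Url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed sample token; claims and signature text are made up.
function makeSampleJwt(claims) {
  return [toB64Url({ alg: "HS256", typ: "JWT" }), toB64Url(claims),
    "constructed-signature"].join(".");
}

function fromB64Url(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const value = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  if (value === null || typeof value !== "object") throw new Error("not an object");
  return value;
}

// Classify: three dot-separated segments whose first two decode to JSON
// objects => JWT; anything else is treated as an opaque token.
function describeToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { kind: "opaque" };
  try {
    const header = fromB64Url(parts[0]);
    const payload = fromB64Url(parts[1]);
    const hasExp = typeof payload.exp === "number";
    return {
      kind: "jwt",
      alg: header.alg,
      secondsLeft: hasExp ? payload.exp - nowSeconds : null,
      expired: hasExp && payload.exp <= nowSeconds,
    };
  } catch {
    return { kind: "opaque" }; // dots present, but segments are not JSON
  }
}

// Header to send, following the answer: JWT as bearer, app token as 'Token'.
function requestHeaders(token, nowSeconds) {
  const info = describeToken(token, nowSeconds);
  if (info.kind === "opaque") return { Token: token };
  if (info.expired) throw new Error("JWT expired; authenticate again");
  return { Authorization: `Bearer ${token}` };
}
```

A token that `describeToken` reports as `jwt` carries its claims and expiry inside the token itself, which is consistent with it not appearing in the AccessUserTokens table.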
 
Kevin Steffer

Awesome, thanks!
