Support Topics Documentation Slack YouTube Blog

Issuing an access token for third party API (Flutter SDK)

Backendless Version: 5.2.14, Online (Trial Cloud 99)

Client SDK: Flutter

Hi everyone,
is there a way to issue an access_token in JWT format for our own REST-API with included custom claims / roles?
The Method ‘Backendless.userService.login’ of the Flutter SDK does not return an ‘user-token’ in the response, unfortunately. I thought that this property might fulfill my intended use case while reading the docs.

Best regards,
Ludwig

Hi, Ludwig.

The Method ‘Backendless.userService.login’ returns BackendlessUser object which contains String token:

Backendless.userService.login("email@email.com", "password").then( (loggedUser) {
    // loggedUser.properties["userToken"]
  });

But we don’t use JWT tokens in Backendless.

Regards,
Andrew.

Thanks Andrii for the fast reply!

The key you provided isn’t in the set either. Here are all properties:

{lastLogin: 2019-07-09 09:48:40.837, userStatus: ENABLED, created: 2019-07-08 12:22:54.690, name: null, ___class: Users, socialAccount: BACKENDLESS, ownerId: xxxx-xxx--xxx--xxxx, updated: null, email: myemail, objectId: xxxx-xx-xxxxx-xxxx}

There is an endpoint for validating user-ids:

https://api.backendless.com/<application-id>/<rest-api-key>/users/isvalidusertoken/<userToken>

The third party API could call this endpoint with the provided user-token from the mobile app. But this would introduce an extra network call for every request…
A dedicated access_token with custom claims and a private key to ensure authenticity is the feature I was looking for.

Either way, thanks for your time!

Best regards,
Ludwig

Hi @Ludwig_Leuschner!

The issue is that we don’t store the user token in Android object of BackendlessUser. So there is no access to it in Android SDK.
Nevertheless the token is available in other SDK, like iOS-SDK or REST API.
If you need to get access_token, you can make rest call and receive it like this:

Screenshot%20from%202019-07-09%2014-50-48

Best regards,
Maksym

@Ludwig_Leuschner, can you please tell us why do you need backendless token and describe your use case?

Regards,
Maksym