Hi everyone,
is there a way to issue an access_token in JWT format for our own REST-API with included custom claims / roles?
The Method ‘Backendless.userService.login’ of the Flutter SDK does not return an ‘user-token’ in the response, unfortunately. I thought that this property might fulfill my intended use case while reading the docs.
Best regards,
Ludwig
Hi, Ludwig.
The Method ‘Backendless.userService.login’ returns BackendlessUser object which contains String token:
Backendless.userService.login("email@email.com", "password").then( (loggedUser) {
// loggedUser.properties["userToken"]
});
But we don’t use JWT tokens in Backendless.
Regards,
Andrew.
Thanks Andrii for the fast reply!
The key you provided isn’t in the set either. Here are all properties:
{lastLogin: 2019-07-09 09:48:40.837, userStatus: ENABLED, created: 2019-07-08 12:22:54.690, name: null, ___class: Users, socialAccount: BACKENDLESS, ownerId: xxxx-xxx--xxx--xxxx, updated: null, email: myemail, objectId: xxxx-xx-xxxxx-xxxx}
There is an endpoint for validating user-ids:
https://api.backendless.com/<application-id>/<rest-api-key>/users/isvalidusertoken/<userToken>
The third party API could call this endpoint with the provided user-token from the mobile app. But this would introduce an extra network call for every request…
A dedicated access_token with custom claims and a private key to ensure authenticity is the feature I was looking for.
Either way, thanks for your time!
Best regards,
Ludwig
The issue is that we don’t store the user token in Android object of BackendlessUser. So there is no access to it in Android SDK.
Nevertheless the token is available in other SDK, like iOS-SDK or REST API.
If you need to get access_token, you can make rest call and receive it like this:
Best regards,
Maksym
@Ludwig_Leuschner, can you please tell us why do you need backendless token and describe your use case?
Regards,
Maksym
Hi @Maksym_Khobotin,
sorry, didn’t recognize your response.
I intent to outsource the user management from my own backend. Additionally I want to configure custom claims in a JWT-Token (eg over the backendless web GUI), in order to check the access authorization when handling the request at my own API.
Your Flutter SDK was a charm to implement, but if this flow is not possible, it is, unfortunately, a dealbreaker for me.
Best Regards
Ludwig
I understand your problem. We will discuss it with a team tommorow and will let you know once we find the solution for your issue.
Best Regards,
Maksym
Could you please specify where the login to Backendless will be taking place? Is it done on your server or in a flutter app? What would be very helpful (so we can suggest a solution) is to understand the data flow you envision in your app (both the client-side and the server-side).
Regards,
Mark
Hi @mark-piller ,
the registrations and logins should take place in the Flutter-App against the Backendless-API, if necessary our own API could redirect to backendless API, if a secret is needed, which can (obviously) not be shipped with the app.
After the user is logged in and the access_token is obtained, the app can perform requests against our own API, which will validate the access_token and return data if the access_token is valid.
I hope this will help you.
Best regards,
Ludwig
Hello @Ludwig_Leuschner
Thanks for the detailed description, we started investigate in this direction.
thank you very much. Just let me know if you make progress.
Best regards
Ludwig
Just for clarification, what scenario do you need to implement:
We will be glad to hear back from you.
Best Regards,
Maksym