How to access SECURE page using JWT Token

This public forum is for user-to-user discussions of PHPMaker. Note that this is not support forum.
Post Reply
scs
User
Posts: 694

How to access SECURE page using JWT Token

Post by scs »

By using POSTMAN,

  1. For all Non-SECURE page, (you can try object with cars, cars2, categories, products, dji)
    get hp://download.hkvstore.com/phpdemo2019/api
    post h    p://download.hkvstore.com/phpdemo2019/api
    {
    "action": "list",
    "object": "cars"
    }
    the response is
    {
    "success": true,
    "cars": [
    {
    "ID": "1",
    "Trademark": "8",
    "Model": "40",
    "HP": "302",
    "Liter": "4.966",
    "Cyl": "8",
    "Category": "SPORTS",
    "Price": "83800",
    "Picture": "h**p://download.hkvstore.com/phpdemo2019/api/index.php?object=cars&action=file&field=Picture&key=1"
    },
    {
    ...snip...
    }
    ],
    "version": "15.0.0"
    }

  2. Login and get the jwt token
    get hp://download.hkvstore.com/phpdemo2019/api
    post h    p://download.hkvstore.com/phpdemo2019/api
    {
    "action": "login",
    "username": "admin",
    "password": "master",
    }
    the response is
    {
    "JWT": "eyJ0eX{header_snip}.eyJpYX{payload_snip}.uAhKK9{singature_snip}",
    }

  3. copy the JWT as token and pass to SECURE page as token (you can try object with trademarks, models, customers, orders and so on)
    get hp://download.hkvstore.com/phpdemo2019/api/?action=list&object=customers
    post h    p://download.hkvstore.com/phpdemo2019/api/?action=list&object=customers
    {
    "token": "eyJ0eX{header_snip}.eyJpYX{payload_snip}.uAhKK9{singature_snip}",
    "action": "list",
    "object": "customers"
    }
    the response is
    {
    "success": false,
    "failureMessage": "You do not have permission to access /phpdemo2019/api/index.php.",
    "version": "15.0.0"
    }

Can anybody tell me how to access the SECURE page by using the JWT token?

Regards,

Top
arbei
User
Posts: 9384

Post by arbei »

Token is not passed as data, it should be passed in HTTP header. See the example under the topic REST API >Authenticate User with JWT (JSON Web Token) in the help file. In the example in the help file is:

request.setRequestHeader('X-Authorization', 'Bearer ' + store.JWT); // JavaScript

If you do it on the server side (e.g. by curl) you need to do the same in PHP by setting "X-Authorization: Bearer <JWT token>" in the HTTP header of your HTTP request. (Replace <JWT token> by the real token.)

Top
scs
User
Posts: 694

Post by scs »

the response is
{
"success": false,
"failureMessage": "You do not have permission to access /phpdemo2019/api/index.php.",
"version": "15.0.0"
}

Top
Post Reply

Return to “General Discussion (PHPMaker)”