julianlam
commented
5 years ago Oh dear... this PR totally fell through the cracks...!
I believe the reason I don't have session sharing respond on api calls is because then on page change from within NodeBB, the account is re-validated, which could cause some unnecessary processing especially if the user has already been logged in.
I'll have to see whether this works with the trust and revalidate settings, and merge appropriately.
FWIW you could now also probably use the write-api to make calls to privileged endpoints, but I have a feeling this is no longer an issue for you :)
I just spent the last 5 hours trying to figure out how to pull recent forum posts from my forum to my main site. I did it both via the backend using file_get_contents and on the front-end using jquery and ajax and I could not for the life of me figure out why it wasn't working. On a hunch I decided to look into the plugin just to see if, by some ridiculous chance, the author had disabled api access or not included it for some reason. Sure enough, there it is.
I have no idea why this was done this way, there's no reason this authentication method shouldn't be extended to all aspects of nodebb as far as I can tell. Anyway, here's a PR for your approval to allow API access via the JWT sharing method.