Open Grazulex opened 2 years ago
Hi @Grazulex, here are my two cents about it, and the way in which I have done it previously and in my current application. As it stands, as you stated, JSON:API does not offer any recommendations for login and register actions. Therefore, in my projects I have used the OAuth2 standard specifically for the authentication routes. Of course this is entirely optional, but JSON:API should only be used for resources, and as such this is not a resource.
An example response would be:
```json
{
  "access_token": "xxxxx",
  "token_type": "Bearer",
  "expires_in": 3600
}
```
Of course, this differs from the JSON:API format but follows an additional standard. You can read more about it on the official OAuth website: https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/
So I don't implement authorization within JSON:API. As I use Laravel Fortify, I just use its standard authentication endpoints. Personally, I don't feel there's one way of implementing authentication; a lot of it depends on application-specific logic.
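As an added illustration of the approach described in this answer (not code from the issue, nor from Laravel or Sanctum themselves), here is a hypothetical Sanctum login endpoint that issues a token and returns the OAuth2-style response with plain `application/json`, leaving `application/vnd.api+json` for the resource routes. The controller name, route, and the 60-minute fallback lifetime are assumptions.

```php
<?php
// Added example: a Sanctum token endpoint kept outside the JSON:API resource
// routes. Class name, route and the 60-minute fallback are hypothetical.
//
// routes/api.php:
//   Route::post('auth/token', [TokenController::class, 'store'])->middleware('throttle:6,1');

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class TokenController extends Controller
{
    public function store(Request $request): JsonResponse
    {
        $data = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        // Verify the password hash; one generic error for both "no such user"
        // and "wrong password" avoids leaking which e-mails are registered.
        $user = User::where('email', $data['email'])->first();
        if (! $user || ! Hash::check($data['password'], $user->password)) {
            throw ValidationException::withMessages([
                'email' => ['The provided credentials are incorrect.'],
            ]);
        }

        // Token lifetime in minutes from config/sanctum.php ('expiration');
        // fall back to 60 minutes (assumption) so expires_in is always set.
        $minutes = config('sanctum.expiration') ?? 60;
        $token = $user->createToken('api', ['*'], now()->addMinutes($minutes));

        // OAuth2 access-token response shape, served as application/json
        // (this is not a JSON:API resource). RFC 6749 asks for no-store on
        // token responses so the secret is never cached by intermediaries.
        return response()->json([
            'access_token' => $token->plainTextToken,
            'token_type'   => 'Bearer',
            'expires_in'   => $minutes * 60,
        ], 201)->header('Cache-Control', 'no-store');
    }
}
```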
Hello, I have more of a question about structure. I have an API with token (bearer) authentication. I used Sanctum for this.
My question is: what is the best way to manage the user with JSON:API? Do you create an API controller for this and put it under "api/v1/" or not? What do you do with the response of the login/register action... do you format it as "application/vnd.api+json" like the other actions from the other resources, or do you use a simple "application/json" with the user information and token?
On the JSON:API site (https://jsonapi.org/) I don't find any recommendation or specification about the auth response and format.
Thank you
Jean-Marc