Getting Token after login

Steven_Athouel · November 16, 2020, 6:42pm

Hi,
i am currently working on a reactjs Client that consumes the frappe REST API but i don’t understand how to implement login throw the API.
In a standard app using JWT token, when a user login the client send the username and password to the server then the server is responding with a valid Token that the client can attach to its futur authenticated request.
With frappe it seems that we have to maintain cookies or manually getting the api key and secret (only desktop user with right creds can do this) then sending them to the customer ( i don’t know how) in order to use it as token.
Maybe i didnt understand the right Flow but how can i use token to perform login as i described above ?
Thanks

Steven_Athouel · November 17, 2020, 8:19pm

someone could help please, i think it s a trivial feature, i am sure a solution already exists.

ahmadRagheb · November 17, 2020, 10:51pm

hi @Steven_Athouel
i didn’t found a way to do it natively by frappe framework , but i found an app that do this (didn’t test it yet ) but trying to understand this feature since this app has a lot of awesome features , and i only need this one . in this issue the author refer to the app and list the features :
https://github.com/frappe/frappe/issues/9805#issuecomment-612848015

here is the features :

Features & APIs

In addition to the functionalities that the doctypes/pages bring to the table, below are the features that renovation_core provide either behind the scenes or as API

Authentication using SMS
Using JWT instead of SID in cookies for authentication. Useful in case of SSR applications and in Flutter applications.
Integration with FCM (Token registration, unregister, and mark as seen).
Added FCM as a channel in Notification doctype.
Uploading file using socket.io with progress indication (instead of a single blocking request).
Custom getList API to get child tables details and link fields as objects
Logging settings for handling logging in a logging site. Check renovation_logging
Additional settings in SMS settings to handle JSON requests and ‘+’ as prefix to mobile numbers.
Utility function to translate fields of docs fetched through APIs (mainly guest users)

ahmadRagheb · November 17, 2020, 11:07pm

https://github.com/newmatik/frappe/pull/45

revant_one · November 18, 2020, 6:31am

If complexity is not a problem, Use OAuth2 create OAuth Client. OAuth 2

Another alternative is use token and secret. Token Based Authentication

Steven_Athouel · November 18, 2020, 5:22pm

Thanks for your answers,
it’s very strange that Frappe does not provide this feature natively.

@revant_one using token and secret is not solving my problem because they have to be generated by a sysadmin and not by the user/client itself with code like standard JWT does.

revant_one · November 18, 2020, 5:35pm

OAuth Client will let authorized users generate their own token.

Generally OAuth2 clients are available on every platform/framework/libraries. e.g. client-oauth2

Steven_Athouel · November 19, 2020, 11:44am

Ok Thanks @revant_one i’ll check how to implement this throw OAuth Client
Thank you @ahmadRagheb too !