i am currently working on a reactjs Client that consumes the frappe REST API but i don’t understand how to implement login throw the API.
In a standard app using JWT token, when a user login the client send the username and password to the server then the server is responding with a valid Token that the client can attach to its futur authenticated request.
With frappe it seems that we have to maintain cookies or manually getting the api key and secret (only desktop user with right creds can do this) then sending them to the customer ( i don’t know how) in order to use it as token.
Maybe i didnt understand the right Flow but how can i use token to perform login as i described above ?
someone could help please, i think it s a trivial feature, i am sure a solution already exists.
i didn’t found a way to do it natively by frappe framework , but i found an app that do this (didn’t test it yet ) but trying to understand this feature since this app has a lot of awesome features , and i only need this one . in this issue the author refer to the app and list the features :
here is the features :
In addition to the functionalities that the doctypes/pages bring to the table, below are the features that
renovation_core provide either behind the scenes or as API
- Authentication using SMS
- Using JWT instead of SID in cookies for authentication. Useful in case of SSR applications and in Flutter applications.
- Integration with FCM (Token registration, unregister, and mark as seen).
- Added FCM as a channel in Notification doctype.
- Uploading file using socket.io with progress indication (instead of a single blocking request).
- Custom getList API to get child tables details and link fields as objects
- Logging settings for handling logging in a logging site. Check renovation_logging
- Additional settings in SMS settings to handle JSON requests and ‘+’ as prefix to mobile numbers.
- Utility function to translate fields of docs fetched through APIs (mainly guest users)
If complexity is not a problem, Use OAuth2 create
OAuth Client. OAuth 2
Another alternative is use token and secret. Token Based Authentication
Thanks for your answers,
it’s very strange that Frappe does not provide this feature natively.
@revant_one using token and secret is not solving my problem because they have to be generated by a sysadmin and not by the user/client itself with code like standard JWT does.
OAuth Client will let authorized users generate their own token.
Generally OAuth2 clients are available on every platform/framework/libraries. e.g. client-oauth2