rafaelferreir4

Reputation: 69

Permanent token on loopback

I am building an app using Loopback API that will be consumed by an iPhone app. There is a connection to a MySQL database where I run some queries to get some results and expose them on the API.

  1. The endpoints contain an ACL that will allow only authenticated users to perform any operation, including the GET ones. So basically the requests need to be done using the ?access_token query string.
  2. I want to set a token that can be saved on the MySQL database and can be used "forever" on the API.

I am not sure if I am asking the right question but if this is not the way to solve this problem, what would it be?

My main point is that I need the requests to be authenticated with a token but I don't want to lose this token once it's set.

Any help is appreciated. Thanks!

Upvotes: 1

Views: 1947

Answers (3)

bmaupin

Reputation: 15995

By default the max token ttl is 1 year. Thankfully Loopback has an option that will allow you to create a permanent access token:

allowEternalTokens (Boolean): Allow access tokens that never expire.

https://loopback.io/doc/en/lb3/Model-definition-JSON-file.html#advanced-options

If you're using the default user model, you can enable it in server/model-config.json:

"User": {
  "dataSource": "db",
  "options": {
    "validateUpsert": true,
    "allowEternalTokens": true
  }
},

Then when logging in, set ttl to -1.

Note that every time you log in (User.login) your token will be replaced with a new one. So if you want to reuse the same access token, log in only once. You can get the existing access token from the AccessToken model (or directly from the database).

If you have a custom user model, you can set allowEternalTokens directly in the model definition file. In addition, if you have a custom user model you'll also need to update the relations of the AccessToken model (either the built-in one or your custom one if you have it) to point to the custom user model.

More info on custom user/access token models here: http://loopback.io/doc/en/lb3/Authentication-authorization-and-permissions.html#preparing-access-control-models

Upvotes: 2

Joseph Persie III

Reputation: 622

I set the TTL to the max 1 year but I set the created field to some time very far in the future such as 2112-10-29 00:00:00-04. This makes the token expire a century from now.

Upvotes: 1

Ismael Di Vita

Reputation: 1836

You can pass the ttl in the credential JSON sent by your iOS app. In this example the token will live for 60sec; just use a high value to make a token "permanent":

POST /Users/login  
{
"email":"[email protected]",
"password":"12345689",
"ttl": 60000
}

Or create a before remote method to change the ttl property, check this article:

LINK

Upvotes: 1
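
An added example, not part of any answer above and not LoopBack's own code: a small audit that flags AccessToken rows which effectively never expire, covering the three approaches in the answers (ttl of -1, a `created` date in the future, a very high ttl). The field names `id`, `ttl`, `created` and `userId` are those of the built-in AccessToken model; the function name `auditTokens`, the 30-day threshold and the sample rows are assumptions constructed for illustration.

```javascript
// Added example: audit AccessToken rows for tokens that effectively never expire.
// Thresholds and sample rows are constructed; adjust them to your own policy.
const MAX_TTL_SECONDS = 60 * 60 * 24 * 365; // the 1-year maximum cited in the first answer

function auditTokens(rows, now = new Date(), maxRemainingDays = 30) {
  const findings = [];
  for (const row of rows) {
    const created = new Date(row.created);
    const reasons = [];
    if (row.ttl === -1) {
      // Only honoured when allowEternalTokens is enabled on the user model.
      reasons.push('eternal token (ttl = -1)');
    } else {
      if (created.getTime() > now.getTime()) {
        reasons.push('created timestamp is in the future');
      }
      if (row.ttl > MAX_TTL_SECONDS) reasons.push('ttl exceeds one year');
      // ttl is stored in seconds; expiry is created + ttl.
      const expiresAt = created.getTime() + row.ttl * 1000;
      const remainingDays = (expiresAt - now.getTime()) / 86400000;
      if (remainingDays > maxRemainingDays) {
        reasons.push(`valid for another ${Math.floor(remainingDays)} days`);
      }
    }
    if (reasons.length) findings.push({id: row.id, userId: row.userId, reasons});
  }
  return findings;
}

// Constructed sample rows, shaped like records read from the AccessToken table.
const sampleRows = [
  {id: 'tok-a', userId: 1, ttl: -1, created: '2018-01-10T00:00:00Z'},
  {id: 'tok-b', userId: 2, ttl: 31536000, created: '2112-10-29T04:00:00Z'},
  {id: 'tok-c', userId: 3, ttl: 1209600, created: '2018-03-01T00:00:00Z'},
  {id: 'tok-d', userId: 4, ttl: 315360000, created: '2018-03-01T00:00:00Z'},
];

const report = auditTokens(sampleRows, new Date('2018-03-05T00:00:00Z'));
for (const f of report) console.log(f.id, f.userId, f.reasons.join('; '));
```

A token flagged here is a standing credential: anyone who obtains it (for example from a logged URL carrying ?access_token) can use it until the row is deleted, so revocation means removing the AccessToken record.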
