I have implemented jwt tokens on my site without using sessions. When I take a route that is having my jwtbearerauthenticator it does the authenticatte but I saw that req.auth.require is throwing.
So my thought is that since jwt is sessionless I am supposed to unencrypt the token and then get the user again and do req.auth.login again. Is this correct? This is why I am making the call to unverified. Here's some code.
func me(req: Request) throws -> EventLoopFuture<Me> {
print("entered me")
let signer = JWTSigners()
let token = req.headers["Authorization"]
let jwtPayload = signer.get(kid: .private)?.unverified(token, as: JWTPayload.Protocol)
let user = try req.auth.require(User.self)
let userName = user.userName
print("entered \(userName)")
return User.query(on: req.db)
.filter(\.$userName == userName)
.first()
.unwrap(or: Abort(.notFound))
.map { usr in
print("sending me \(usr.userName)")
return Me(id: user.id, userName: usr.userName)
}
throw Abort(.unauthorized)
}
func boot(routes: RoutesBuilder) throws {
let users = routes.grouped("users")
users.group("register") { usr in
usr.post(use: register)
}
users.group("login") { usr in
print("entered login group")
usr.post(use: login)
}
users
.grouped(JWTBearerAuthenticator())
.grouped(User.guardMiddleware())
.group("me") { usr in
usr.get(use: me)
}
}
