Make second jwt


#1

Hi, in my project there are 2 types of users: one is the regular users, the other is providers.
So I need to make a JWT for both, with separate app_key and auth. How can I do that?


#2

Instead of creating a JWT for the different types of users, why not use the concept of roles/permissions/scopes?

That way, once a user is authenticated, a JWT is generated. Then check the roles/permissions/scopes in the JWT to determine which type the user is.


#3

Yes, it's a solution, but is there no way to create another type of token?
(I'll use the roles, but just because this topic was opened it would be great to have a real solution (someone may need it).)

Adonis is ES6, right?


#4

You can always just use jsonwebtoken lib to generate whatever you want.

For example:

    const jwt = use('jsonwebtoken')
    const mailToken = await jwt.sign({
      mailValidation: mainAccount.id
    }, APP_KEY, { // <-- APP_KEY (second argument): put whatever secret key you want
      expiresIn: '1 day'
    })

#5

Why does APP_KEY have to be different?


#6

Users shouldn't access provider routes, like adding new products, etc.


#7

Yeah, but APP_KEY is unique for one application and not for types of users in the database.

What you need is access management for different types of users. As @mezie said, creating a simple middleware that checks the user role will be enough to manage rights.

    Route.get('/admin-only', async function () {
    })
      .middleware('auth')
      .middleware([
        async function ({ auth }, next) {
          const user = auth.user
          // check user role here and deny/forward the request
          await next() // forward only once the role check above has passed
        }
      ])
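
The approach suggested in #2 and #7 (one signing key, with the user type carried as a signed claim and checked per route), as an added example that is not code from any poster or from AdonisJS. It goes slightly beyond the thread by building HS256 with Node's built-in crypto so it runs without the jsonwebtoken package; the function names, the `role` claim and the key are assumptions.

```javascript
// Added example (not from the thread): one key, one token format; the user
// type travels as a `role` claim. Names, claim and key are assumptions.
const crypto = typeof require === 'function' // CommonJS or ES module
  ? require('node:crypto') : process.getBuiltinModule('node:crypto')

const b64url = (x) => Buffer.from(x).toString('base64url')
const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'))
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest()

// Issue an HS256 token. The role is a signed claim, not a separate key.
function issueToken (claims, key, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const exp = Math.floor(now / 1000) + ttlSeconds
  const payload = b64url(JSON.stringify({ ...claims, exp }))
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, key))}`
}

// Check signature (constant time), pinned algorithm and expiry.
// Returns the claims, or null for anything malformed, forged or expired.
function verifyToken (token, key, now = Date.now()) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return null
  const [header, payload, sig] = parts
  const expected = hmac(`${header}.${payload}`, key)
  const given = Buffer.from(sig, 'base64url')
  if (given.length !== expected.length) return null
  if (!crypto.timingSafeEqual(given, expected)) return null
  try {
    if (decode(header).alg !== 'HS256') return null
    const claims = decode(payload)
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null
  } catch {
    return null
  }
}

// Route gate: 401 without a valid token, 403 for the wrong user type.
function authorize (token, key, allowedRoles, now = Date.now()) {
  const claims = verifyToken(token, key, now)
  if (!claims) return { status: 401 }
  if (!allowedRoles.includes(claims.role)) return { status: 403 }
  return { status: 200, user: claims }
}

// Constructed sample data.
const KEY = 'constructed-demo-key-not-a-real-secret'
const userToken = issueToken({ sub: 1, role: 'user' }, KEY, 3600)
const providerToken = issueToken({ sub: 2, role: 'provider' }, KEY, 3600)
```

Because the role sits inside the signed payload, a regular user who edits their token to say `provider` fails signature verification and gets 401 rather than reaching the provider route.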