Configuring Access Token Auth on top of Session Auth
In This Lesson
We'll get opaque access tokens configured within our AdonisJS application on top of the already configured session/web authentication. This will include configuring the guard and setting up the db access token provider.
So if we need multiple access tokens, like say we wanted to make it so courses could have tokens to modify their data within an organization, we could just add the
DbAccessTokensProvider.forModel(Courses, {
  type: 'course_api_token',
  prefix: 'api'
})
to the courses model, but would we want to copy the migration and make a second course_api_access_tokens table to use for the table parameter in the DbAccessTokensProvider? Or is there a way to use the one api_access_tokens table? Can both use the same type of api_token? Since they are both for api calls? Or do they have to have different types? I assume it would also require adding something like
to the auth.ts config file. I assume if everything set up in this video is duplicated for a second API, the rest of the videos in this series would just be applicable to either guard.
Yep, spot on, Aaron! The access tokens are scoped by their type, so by giving organizations one type and courses another you'll be able to use the same table for both. That'll distinguish which tokens are specifically meant for organizations and which are meant for courses.
If you want to use the same type for both, then I would recommend using separate tables. Otherwise, you could create a token for a course with an id of 3, and circumvent the system to use that same token for an organization with an id of 3, since there wouldn't be anything distinguishing the two from one another.
Lastly, again spot on! You'll want to replicate the token configurations again for the course including the tokens guard, as you've got above! Then, when using the auth module, just utilize the use method to specify which guard you're targeting. That will give you the correct model type for the specified guard as well.
// the use method accepts the key name given to the guard in config/auth
const organization = auth.use('organization').user
const course = auth.use('course').user
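To make the point about token types concrete, here is an added example (not Adocasts' or AdonisJS's code) with a toy in-memory stand-in for a single shared api_access_tokens table and the guard lookup over it. The column names, the token format and the hashing are simplified assumptions, not the real DbAccessTokensProvider internals, and it deliberately ignores the foreign key on tokenable_id that comes up further down the thread. It shows that a guard's verify step matches on its own type as well as on the token hash, so a course token is rejected by the organization guard when the types differ, but resolves to "row 3" with nothing saying which model that is when both guards share one type.

```typescript
// Added example: toy model of one shared token table with per-model `type` scoping.
// Assumptions: simplified columns (id, tokenable_id, type, hash) and sha256 of a
// plain secret; the real provider's token format and storage differ.
import { createHash } from "crypto";

type TokenRow = {
  id: number;
  tokenable_id: number; // id of the owning Organization or Course row
  type: string;         // the `type` passed to DbAccessTokensProvider.forModel
  hash: string;         // hash of the secret; the secret itself is never stored
};

const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// Minimal stand-in for one shared table plus the guard's lookup against it.
class TokenTable {
  private rows: TokenRow[] = [];
  private nextId = 1;

  // Issue a token for a model row of the given type; the client keeps `secret`.
  issue(type: string, tokenableId: number, secret: string): TokenRow {
    const row: TokenRow = {
      id: this.nextId++,
      tokenable_id: tokenableId,
      type,
      hash: sha256(secret),
    };
    this.rows.push(row);
    return row;
  }

  // What a guard does on verify: the row must match BOTH the hash and the
  // guard's own configured type, otherwise the token is not recognised.
  verify(type: string, secret: string): TokenRow | undefined {
    const h = sha256(secret);
    return this.rows.find((r) => r.type === type && r.hash === h);
  }
}

// Scenario 1: distinct types per model in one table (what the answer recommends).
// Returns true when the organization guard refuses a course token.
function distinctTypesIsolate(): boolean {
  const table = new TokenTable();
  const courseSecret = "course-secret-constructed"; // constructed sample secret
  table.issue("course_api_token", 3, courseSecret);  // token for Course id 3
  const asOrganization = table.verify("organization_api_token", courseSecret);
  return asOrganization === undefined;
}

// Scenario 2: both guards configured with the same type in one table.
// Returns the tokenable_id the organization guard would load: 3, with nothing
// in the row saying that 3 was meant to be a course rather than an organization.
function sharedTypeConfuses(): number | undefined {
  const table = new TokenTable();
  const courseSecret = "course-secret-constructed"; // constructed sample secret
  table.issue("api_token", 3, courseSecret);         // meant for Course id 3
  const row = table.verify("api_token", courseSecret); // organization guard, same type
  return row?.tokenable_id;
}
```

The takeaway for a config is simply that each `DbAccessTokensProvider.forModel(...)` sharing a table needs its own `type`; the `prefix` only shapes the token string and plays no part in the lookup shown here.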
The reason it could use the same table is because a course is linked to an organization, right? If I wanted to have API keys for something not linked to an organization, I'd have to have a separate table, since the tokenable_id in the table would have to reference a different table? Or if say you wanted someone to be able to make changes to a course but not the overall organization? You'd make a token table that references the courses model, or whatever model you want to grant rights to?
Oh shoot - yeah, good catch, I completely forgot about there being a foreign key on that. Due to that foreign key, you would need a new table, since the foreign key itself can only reference a single column inside of a single table. So, you'd need a table for your organization tokens and another for your course tokens; apologies, I forgot about that.