How to get a user JWT token for HTTP post on my app? #24

Open
hughred22 opened this issue Mar 15, 2016 · 13 comments

@hughred22

After user login, I need to get the current JWT token, store it somewhere and use it when I do GET and POST requests as that user (let's say, as super admin so I can GET all the info including email address). But I have no idea how to get the JWT token after login (can be email/password login or social login).

@Giuliano84
Contributor

Hey Hugh, the JWT tokens are automatically handled by the SDK so you don't even need to care about it. Are you having some problems in performing requests after a successful authentication?

@hughred22
Author

I am not using the SDK... as I cannot find any doc in the JS SDK on how I can simply get ALL USERS INFO. I am building the admin panel to let the admin edit all the users' info. So I use the REST API instead, like so:

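    // jwtToken is a placeholder: the header value was left blank in the original post
    var config = {
        headers: {
            "x-stamplay-jwt": jwtToken
        }
    };

    // AngularJS $http.get expects request headers under config.headers
    $http.get("https://actorreels.stamplayapp.com/api/user/v1/users?n=20&sort=-dt_create&page=1&per_page=20", config).then(function success(res) {
        def.resolve(res);
    }, function error(err) {
        console.log(err);
        def.reject(err);
    });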

If I do not pass in x-stamplay-jwt, I CAN NOT get the user email address...

@Giuliano84
Contributor

I see, have you created a specific role for the admin user? How does the admin user log in to this admin panel?

@hughred22
Author

Yes. I created a role called superadmin in Stamplay. And the account just logs in via email / password like everyone else.

@Giuliano84
Contributor

Ok but looks like the real problem is that you haven't been able to get all users info. That is the real reason why you're going without SDK in here.

What do you mean by "ALL"? What is not being returned at this moment?

@hughred22
Author

I don't know how to get all users' info as an array with the SDK. "ALL" means including email and identity. Without a JWT, the HTTP GET request returns an array that does not contain email addresses.

@claudiopetrini
Contributor

Hi Hugh,
calling the endpoint without JWT means that you're making an unauthenticated API call so guest permissions are applied.
This SDK handles storing and the injection of the token for you in all the requests, so my suggestion here is to use this SDK to do all the heavy lifting for you.

In order to get all the data about your users you can do something like this:

Stamplay.User.get({})

Note that these are paginated results.
It will return all the information if an authenticated and authorized user is logged in.
Let me know if you need help on this.

@hughred22
Author

So I refactored all the code to use the SDK but it still won't work :(

Here is the code:

/**
 * Get all the users from Stamplay
 */
function getUsers(qData) {
    var def = $q.defer();
    console.log(qData);

    // Pagination and sort options passed to the SDK query
    var query = {
        page: qData.page,
        per_page: qData.limit,
        sort: qData.order
    };

    Stamplay.User.get(query).then(function(res) {
        console.log(res);
        def.resolve(res);
    }, function(err) {
        def.reject(err);
    });
    return def.promise;
}

The returned user list is the same as a guest doing the REST API request as I did before. I can only get the email address for the currently logged-in user - the superadmin. But all the other users' emails are not showing. Also, I cannot update other users' information. It said this:

[Screenshot: screen shot 2016-03-15 at 10 54 09 pm]

So I still end up with the same thing. The superadmin is not really admin... I do not know if this is caused by the permission issues with the Stamplay backend - but I did use your suggestion of "In the meanwhile you can set the permissions when the whole table is visible and avoid to reload the browser in the permissions tab."

@Giuliano84
Contributor

Hey Hugh, that error message tells me that this problem is not related to your Roles configurations but to the fact that you haven't whitelisted localhost:3000 among the CORS domains.
You have to add "localhost:3000" in the CORS enabled domains in order to test your API calls with this new implementation.

@claudiopetrini
Contributor

@hughred22 are you sure that the snippet of code is the one that is giving you the error?

The error comes from a PUT request which is calling /api/user/v1/users instead of /api/user/v1/users/:userId.

As you can see, the console is saying "The response had HTTP status code 404", so it seems like in your code you're calling Stamplay.User.update(id, data, [callback]) without an id.

@hughred22
Author

For the error message, I did upload the wrong image. And yes, I forgot the id on that error and that is related to another issue. My bad. And for the CORS domain issue. I have this setting according to Issac:

[Screenshot: screen shot 2016-03-16 at 9 17 40 am]

which includes the "*" for everyone, so no CORS issues should be there? Do I still need to put in localhost:3000? Is the "*" not working anymore? I do experience some images returning a 404 error and not displaying when in localhost mode (the images are uploaded to Stamplay as files). Static assets on Stamplay seem to not respect the CORS setting in the Stamplay admin panel.

@noogen

noogen commented Jun 28, 2016

I don't think you can mix * like that for CORS. Remove the other and just use * on its own.

Also, another way around getting token in the header is to write a codeblock/server function to echo the header "x-stamplay-jwt" since it's being passed in the header by the sdk.
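
The CORS points raised in this thread (allowing the localhost:3000 origin, and not mixing * with other entries), shown as an added example that is not part of the original thread and is not Stamplay's code. The allowlist values, the `corsHeaders` function and the rule that * counts only as the sole entry are assumptions of this example.

```javascript
// Constructed sample configuration (assumption, not taken from any real Stamplay app).
const ALLOWED_ORIGINS = ["http://localhost:3000", "https://actorreels.stamplayapp.com"];
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];
const ALLOWED_HEADERS = ["content-type", "x-stamplay-jwt"];

// Returns the CORS response headers for a request, or {} when the browser
// should refuse to expose the response to the calling page.
function corsHeaders(req, allowed = ALLOWED_ORIGINS) {
  const origin = req.headers["origin"];
  if (!origin) return {}; // same-origin or non-browser client: CORS does not apply

  // Assumption of this example: "*" is honoured only as the sole entry.
  const wildcard = allowed.length === 1 && allowed[0] === "*";
  // Origins are compared exactly: scheme, host and port must all match.
  if (!wildcard && !allowed.includes(origin)) return {};

  // Access-Control-Allow-Origin carries one origin or "*", never a list.
  const headers = wildcard
    ? { "Access-Control-Allow-Origin": "*" }
    : { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };

  if (req.method === "OPTIONS") {
    // A custom header such as x-stamplay-jwt makes the browser send a preflight.
    const method = req.headers["access-control-request-method"];
    const wanted = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    if (!ALLOWED_METHODS.includes(method) ||
        !wanted.every((h) => ALLOWED_HEADERS.includes(h))) return {};
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  }
  return headers;
}

// Constructed preflight for an authenticated PUT from a local dev server.
const preflight = {
  method: "OPTIONS",
  headers: {
    "origin": "http://localhost:3000",
    "access-control-request-method": "PUT",
    "access-control-request-headers": "x-stamplay-jwt",
  },
};
console.log(corsHeaders(preflight));
```

An empty result means the browser blocks the page from reading the response even though the server processed the request, which is why a CORS failure and a permissions failure need to be told apart in the console.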

@Giuliano84
Contributor

That's right @noogen. Also, in case you want to run checks on the user who performed the request against the code block, it is worth mentioning that we automatically fill the context.data.user attribute. http://docs.stamplay.com/?lang=javascript#user-context-data
