I’m trying to use the new REST API 2 from 6.3.2. Do you guys have an example of how to pass in and receive the token from you?
Do you guys have an easy way to utilize JWT?
No, we didn’t do anything special about the JWT. There is a disadvantage of using it. Currently, we keep an association between a token and a CUBA user session. When a request with a token comes we try to find an associated CUBA session and set it to the security context. If there is no such session we log in on behalf of the user and rewrites the token-to-session association. That allows us to have tokens with a long expiration time and perform login attempts only when CUBA session is expired.
In the case of JWT, even if you store a CUBA session id in the token, token expiration time must not be more than CUBA session expiration time, or you will have to log in and create new CUBA session on each request with the token.
If you want to use JWT, then just replace our TokenStore implementation with your own one that manages CUBA sessions somehow.