We have a project where the main component is a RESTful API server backend for various apps (Web, Android, iOS, desktop). The client/frontend apps will communicate with the API via an API key. The API key can be a JWT or an OAuth2 access_token with a configurable lifetime. How can we implement this with CUBA?
The API key can be generated by the ff:
App or user registers with the API server.
API server issues an API key.
User can revoke or delete the API key then can issue a new one.
Unfortunately, lifetime of our access tokens cannot be configured. The only option to change it - use Persistent Token store: Persistent Token Store - CUBA Platform. Developer’s Manual You can build conidtional expire mechanism in your project for this type of token store.
Since fresh 6.6.0 release you can implement custom authentication end-point for REST-API: Custom Authentication - CUBA Platform. Developer’s Manual You can implement API keys management right in your application and employ this feature to provide OAuth2 access tokens using your API keys.