Hello, I am doing an authentication with wordpress json, which is all correct, then through a custom strapi component I am making again the wordpress token authentication to check if token is valid, and what role it has. What I need later is to create strapi jwt token with the correct role, the token is generated, but for some reason it comes without any role.
Here screenshots:
This topic has been created from a Discord post (1214576207446941786) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord
This is the response from strapi,
the token below is the one that strapi gave me, when I try to use that token to fetch strapi products data, it gives unauthorized
wordpress-auth.js
“use strict”;
const fetch = require(“node-fetch”);
module.exports = {
async verifyToken(ctx) {
console.log(“verifyToken called”);
const { token } = ctx.request.body;
if (!token) {
return ctx.badRequest("No token provided");
}
try {
const wpResponse = await fetch(
"https://wordpresswebsiteworksfine.com/wp-json/wp/v2/users/me",
{
headers: {
Authorization: `Bearer ${token}`,
},
}
);
if (!wpResponse.ok) {
throw new Error("Failed to fetch user data");
}
const wpUserData = await wpResponse.json();
console.log("WordPress User Data:", wpUserData);
// Assuming roles are directly usable and match with Strapi's permissions system
const strapiRoleName = wpUserData.acf.strapirole;
console.log("strapiRoleName:", strapiRoleName);
// Generate a JWT token with the role's permissions only
const jwt = strapi.plugins["users-permissions"].services.jwt.issue({
role: strapiRoleName,
});
// Respond with the Strapi JWT token
ctx.body = {
status: "success",
message: "Token verified",
token: jwt, // This JWT is for API access, with only the role's permissions
strapiRole: strapiRoleName,
};
} catch (error) {
console.error("Error verifying token:", error);
ctx.body = {
status: "error",
message: "Token verification failed",
error: error.message,
};
}
},
};
the roles in strapi have the same ones in acf field, Admin, User and StoreManager
I created a strapi api key with full access and it works perfectly fetching the data with that, but when trying to fetch data with this auto generated token, i get unauthorized
Can anyone help me how to generate a strapi jwt token with the given roles? I don’t want to register users in strapi, as they are managed from wordpress end
The previous code works fine, in the meaning of I can execute it remotely, and it returns the info. What fails is the creation of the strapi jwt token with the right role
I presume that you need not only role but an actual user
Since auth is ctx.state.user
Try to create some bulk user and issue user and not role
Mmmm so create or find a user before?