REST API Login - response data

Hi,

I need to customize the returned data. Can I add other database fields?

user_email,
user_photo
bla bla.

{
"success": true,
"version": "16.0.16",
"JWT": "Z8XhD8C2HYLVmsMqnDUMA****",
"username": "zafer@***.com",
"userid": "18",
"parentuserid": null,
"userlevelid": -2
}

You may refer to the original code and add your own API action for login, see the topic REST API → Create Your Own API Action in the help file.

Thank you for your answer.
How can I use JWT encoding in a custom action?

I did it this way. I can add the table field I want. It was very useful.

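// API ACTION CUSTOM LOGIN
// Custom REST action: checks the supplied credentials and, on success, answers
// with a signed JWT plus selected user fields, including one extra field read
// from the user profile. Failures are answered with a plain JSON string.
$API_ACTIONS["customLogin"] = function (Request $request, Response &$response) {
    global $Security, $UserProfile, $jwt;

    // NOTE(review): Param() falls back to Route(n) here, so the credentials can
    // arrive as URL path segments, which commonly end up in access and proxy
    // logs. Prefer sending them in the request body over HTTPS.
    // NOTE(review): RemoveXss() is applied to the password as well. The password
    // is never rendered as HTML in this action and filtering may alter the
    // secret the user typed; confirm this matches the project's own login.
    $username = RemoveXss(Param("username", Route(1)));
    $password = RemoveXss(Param("password", Route(2)));

    // Both credentials are required.
    if ($username === null || $password === null) {
        WriteJson('Invalid');
        return;
    }

    // NOTE(review): the result of ValidApiRequest() is discarded, so it does not
    // gate anything in this action; confirm what it is expected to enforce.
    ValidApiRequest();

    // NOTE(review): the third argument is passed as true (the posted snippet
    // stored the result in a variable named $autologin). Check validateUser()'s
    // signature in the generated code to confirm that this flag does not change
    // how the supplied password is compared.
    $isValid = $Security->validateUser($username, $password, true);
    if (!$isValid) {
        WriteJson('Authentication Fail');
        return;
    }

    // NOTE(review): the signing key is redacted in the post. Load it from
    // server-side configuration rather than hard-coding it in the action, and
    // make sure it is the key the token verifier uses.
    $SecretKey = '****';
    $Algorithm = 'HS512';

    $tokenId = base64_encode(openssl_random_pseudo_bytes(32)); // random token identifier
    $issuedAt = time();
    $notBefore = $issuedAt + 1; // Adding not before time (seconds)
    $expire = $notBefore + 600; // Adding expire time (seconds)
    $serverName = ServerVar("SERVER_NAME");
    $userLevelID = $Security->CurrentUserLevelID;
    $isLoggedIn = $Security->isLoggedIn();

    // User data returned to the client and embedded in the token. A JWT payload
    // is signed, not encrypted: anything placed here is readable by whoever
    // holds the token, so add only fields that are safe to disclose.
    $security = $isLoggedIn ? [
        "username" => $UserProfile->get("user_name"), // adding new field from users table
        "email" => $Security->currentUserName(), // User name
        "userid" => $Security->CurrentUserID, // User ID
        "parentuserid" => $Security->CurrentParentUserID, // Parent user ID
        "userlevelid" => $userLevelID, // User Level ID
    ] : ["userlevelid" => $userLevelID];

    // Registered claims. The posted snippet had "iat" and "jti" swapped; "iat"
    // must be the numeric issue time and "jti" the unique token identifier.
    $ar = [
        "iat" => $issuedAt, // Issued at: time when the token was generated
        "jti" => $tokenId, // Json Token Id: an unique identifier for the token
        "iss" => $serverName, // Issuer
        "nbf" => $notBefore, // Not before
        "exp" => $expire, // Expire
        "security" => $security, // Data related to the signer user
    ];

    // Sign a token only when the security object reports a logged-in user.
    $jwt = $isLoggedIn
        ? \Firebase\JWT\JWT::encode($ar, $SecretKey, $Algorithm)
        : null;

    $userdata = array_merge(
        ["success" => $isLoggedIn, "version" => PRODUCT_VERSION, "JWT" => $jwt],
        ConvertToUtf8($security)
    );
    WriteJson($userdata);
};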

Response data
{
"success": true,
"version": "16.0.16",
"JWT": "eyJ0eXAiOiJKV1QiLCJhbGciOi******",
"username": "user", // I added this field. More fields can be added.
"email": "user@email.com",
"userid": "18",
"parentuserid": null,
"userlevelid": -2
}

An easier method, using the API library:


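// Logs in through the API helper class and appends one extra profile field to
// the response. The typographic quotes of the posted snippet are replaced with
// plain ASCII quotes so that the code parses.
global $UserProfile, $Security; // Security related
$UserProfile = new UserProfile(); // Create user profile object
$Security = new AdvancedSecurity(); // Create security object

// new object with api class
// NOTE(review): the API class is not shown in this thread; the shape of what
// login() returns is assumed from the response example above. Confirm it.
$api = new API('api.php');

// NOTE(review): Param() falls back to Route(n), so credentials may travel in
// the URL path and be written to server logs; prefer the request body. Also
// confirm that passing the password through RemoveXss() does not alter it.
$username = RemoveXss(Param("username", Route(1)));
$password = RemoveXss(Param("password", Route(2)));

// login with rest api
$userdata = $api->login($username, $password);

// add new item from database table field
// NOTE(review): this runs whether or not the login succeeded; consider adding
// the profile field only after checking the login result.
$userdata['user'] = $UserProfile->get("user_name");

WriteJson($userdata);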