✅ Public endpoint : authenticate with a static token | Directus | Page 1

charred solstice Jul 4, 2023, 9:48 PM

#

Hi! I'm receiving events from an external platform loading one of my custom endpoints.
I cannot change the headers on that platform, so I would like to authenticate within my extension code as a specific user with a static token.
Usually I just use the _req.accountability with my ItemsService, but I could not find how to create an accountability object myself with a static token that I know.

Is that possible ?

Thanks for your help !

fallen hingeBOT Jul 4, 2023, 9:48 PM

#

Thanks for posting! This is a community powered server, so you may or may not get an answer based on available help and expertise. To increase your chances of somebody being able to help you, please help us help you making sure you:

Adding an explanation of exactly what you're trying to achieve.
Adding any and all related code or previous attempts.
Describing the exact issue or error you are facing.
Posting any screenshots if applicable.
Reading through https://stackoverflow.com/help/how-to-ask.

When you're done with this thread, please close it. Thanks! ✨

(If you have a support agreement and need help, please contact the core team via email.)

next moss Jul 4, 2023, 9:58 PM

#

    const { getAccountabilityForToken } = await dynamicImport("@directus/api/utils/get-accountability-for-token");
    const tokenAccountability = await getAccountabilityForToken("token");
    
    // or

    const { getAccountabilityForRole } = await dynamicImport("@directus/api/utils/get-accountability-for-role");
    const roleAccountability = await getAccountabilityForToken("role-id");

#

the implementation of "dynamicImport" is up to you though.

#

I`d use role instead of token, because token requires you to haven user created, role you just need the role itself

#

I use that for exposing my own apis

#

for reference impl of dynamicImport : https://github.com/cspotcode/tsimportlib

charred solstice Jul 4, 2023, 10:11 PM

#

thanks for your help @next moss ! I've looked at the getAccountabilityForToken it seems to populate just the user and role with ids. Maybe I could just do that with the role I need 🤔

next moss Jul 4, 2023, 10:12 PM

#

ref: https://github.com/directus/directus/blob/main/api/src/middleware/authenticate.ts#L48

#

it's all Directus does 🤷‍♂️

#

nevermind, seems like it's mutating the defaultAccountability object too. I'd have to check what I did

#

doesn't seem like it does much though, default object is pretty empty

#

https://github.com/directus/directus/blob/main/api/src/middleware/authenticate.ts#L14-L20

charred solstice Jul 4, 2023, 10:15 PM

#

You are right. @strange latch just told me the role is the only mandatory field in this other thread : https://discord.com/channels/725371605378924594/1110122198544425041

fallen hingeBOT Jul 28, 2023, 8:46 AM

#

✅ Public endpoint : authenticate with a static token

#✅ Public endpoint : authenticate with a static token