Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

Please do not post bug reports, missing feature requests, or demo inquiries. If you have such an inquiry, submit a contact form.

When does Headwind MDM use /public/auth/login vs /public/jwt/login?

0 votes

I see that Headwind MDM has two login endpoints in the source code:

  1. /public/jwt/login – in the JWT module (JwtAuthResource)

  2. /public/auth/login – in the server module (AuthResource)

From what I understand:

  • /public/auth/login doesn’t use JWT; it returns an authToken generated by PasswordUtil (in common/util).

  • /public/jwt/login returns a JWT token.

by (140 points)

1 Answer

0 votes

The /public/auth/login endpoint stores the authorization token in cookies. This endpoint is used in the web UI authorization.

Since cookie-based authorization is not a good practice for REST API, there is another login endpoint. The /public/jwt/login endpoint returns the JWT authorization token in the JSON response, which could be used to authenticate further REST API requests.

by (43.3k points)
 | Snow Theme by Q2A Market
Powered by Question2Answer
...