# Frontend Authentication Flow
In this guide you will learn what frontend expects from API response for authentication and authentication related notes.
WARNING
Provided JWT Service is for demo and inspiration purpose you might need to update it if your API response or Authentication flow is different than ours.
# Login
For login you must send email
and password
as POST data to your API request (It is required in our demo). In response you will get:
{
"userData": {
"id": 1,
"fullName": "John Doe",
"username": "johndoe",
"avatar": "/img/13-small.d796bffd.png",
"email": "admin@demo.com",
"role": "admin",
"ability": [
{
"action": "manage",
"subject": "all"
}
],
"extras": {
"eCommerceCartItemsCount": 5
}
},
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNjE3NjkyNjk2LCJleHAiOjE2MTc2OTMyOTZ9.ktkWaawSrKOmHbrke-1kCe7Ao3EkapSoh6ip12T9Slc",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNjE3NjkyNjk2LCJleHAiOjE2MTc2OTMyOTZ9.V4WQWNJWStNV0NSIsyy0I_cTjQULNx0NUmsJjO3x_xU"
}
Above is what frontend expects in response of login API request. You might not need same response for your project.
Let's say you are not using eCommerceCartItemsCount
than you don't need extras
in that case.
Now, situation is your API response if different from what frontend expects because you removed extras
. So, you have to modify frontend code (Mainly Login.vue file).
There might be another case where your login API request just send access token and refresh token on login and not user data. In this case you manually have to make another API call for getting user data in frontend. This also results in modification in frontend code (Mainly Login.vue file).
So, it is clear that there is more chances that you have to update the frontend code because your API response is different from what frontend expects.
To understand what we are doing after login, please consider understanding the code we wrote.
Talk is cheap, show me the code.
- Linus Torvalds
login() {
// Form Validation
this.$refs.loginForm.validate().then(success => {
// If form validation is successful
if (success) {
// Make Login request using JWT request
// NOTE: You can use axios.post() instead of JWT service
useJwt.login({
email: this.userEmail,
password: this.password,
})
.then(response => {
// `response.data` is response from API which is above mentioned
const { userData } = response.data
// Setting access token in localStorage
// NOTE: Please check the source code to better understand JWT service
useJwt.setToken(response.data.accessToken)
// Setting refresh token in localStorage
useJwt.setRefreshToken(response.data.refreshToken)
// Setting user data in localStorage
localStorage.setItem('userData', JSON.stringify(userData))
// Updating user ability in CASL plugin instance
this.$ability.update(userData.ability)
// ? This is just for demo purpose as well.
// ? Because we are showing eCommerce app's cart items count in navbar
this.$store.commit('app-ecommerce/UPDATE_CART_ITEMS_COUNT', userData.extras.eCommerceCartItemsCount)
// Redirection after login
// ? This is just for demo purpose. Don't think CASL is role based in this case, we used role in if condition just for ease
this.$router.replace(getHomeRouteForLoggedInUser(userData.role))
.then(() => {
this.$toast({
component: ToastificationContent,
position: 'top-right',
props: {
title: `Welcome ${userData.fullName || userData.username}`,
icon: 'CoffeeIcon',
variant: 'success',
text: `You have successfully logged in as ${userData.role}. Now you can start to explore!`,
},
})
})
})
.catch(error => {
this.$refs.loginForm.setErrors(error.response.data.error)
})
}
})
},
You might need to update above login method according to your API response.
# Registration
For registration you must send username
, email
and password
because these are required by our fake db. In response you will get below:
{
"userData": {
"email": "peter@starkindustries.com",
"username": "underoos",
"fullName": "",
"avatar": null,
"role": "admin",
"ability": [
{
"action": "manage",
"subject": "all"
}
],
"id": 3
},
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaWF0IjoxNjE3Njk0MTQ0LCJleHAiOjE2MTc2OTQ3NDR9.ZjxLVrmgxKdRhiYgpSV_RuQNUn8Pbv4d7dSG37mm5Xg",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNjE3NjkyNjk2LCJleHAiOjE2MTc2OTMyOTZ9.V4WQWNJWStNV0NSIsyy0I_cTjQULNx0NUmsJjO3x_xU"
}
This response is similar to login. Again, if you have any changes you need to update the code same as described in login.
As we are getting more questions and demand of Auth + ACL for our template we will make our Authentication more simpler and easy to understand in upcoming major VueJS release.
# Conclusion
For everything to work correctly, make sure you store data in localStorage properly so later it can be read correctly by other code. Otherwise make sure to update the code of writing data to localStorage and read from localStorage.