Overview

I will try the Drupal JSON Web Token Authentication module.

https://www.drupal.org/project/jwt

I referenced the following page.

https://preston.so/writing/decoupled-drupal-authentication-with-json-web-tokens/

Note that the following is a similar module.

https://www.drupal.org/project/rest_api_authentication

JWT authentication using the above module is described here.

https://www.drupal.org/docs/contributed-modules/api-authentication/jwt-authentication

However, as described in the following article, it appears that using JWT authentication with the above module requires a paid plan.

Therefore, this time I will try the jwt module instead.

Installation and Activation

jwt module

As a note, not only jwt but also jwt_auth_consumer and jwt_auth_issuer needed to be activated.

cvoemnpdoosre/rb.ipnh/adrrursehqueinrejw'tdrjuwpta_la/ujtwht_:c^o2n.s0u'merjwt_auth_issuer

restui module

cvoemnpdoosre/rb.ipnh/adrrursehqueinrere'sdtruuipal/restui:^1.21'

Configuration

Access the following to create a key.

/admin/config/system/keys

I selected JWT HMAC Key for Key type and SHA-256 for JWT Algorithm.

Next, access the following to configure JWT settings.

Select the default SHA-256 for Algorithm and select the key created earlier (here, jwt) for Secret.

Then, while logged in, access the following.

/jwt/token

A token like the following will be obtained.

For reference, let’s verify this token on jwt.io.

https://jwt.io/

Looking at the PAYLOAD section, you can see iat (Issued At: the time the token was issued) and the Drupal “User ID.”

REST Resource Configuration

Access the following.

/admin/config/services/rest

Here, enable POST for Content and select jwt_auth as the authentication provider.

Postman

Let’s try creating content using Postman.

First, try creating content without specifying Authorization.

Select raw for Body and set the format to JSON. Try creating an article type content with the following minimal data.

{}"]"]t,tyipte{}l{}"e:":[""t[vaarlgueet"_:id""N:ew"aArrttiiccllee"Title"

The POST URL is:

{path where Drupal is installed}/node?_format=json

The following result is returned.

{}"""scetoradrteou"rs:_"d:"e4s"0ce1rr"ir,potri"o,n":"MISSINGAUTHORIZATIONHEADER"

Next, select Bearer Token in Authorization, enter the token obtained earlier, and send the POST request.

As a result, content was successfully created as follows.

{}"]"]"]"]"]"]"]""]"]"]"]"]"]"]"]"]"]""n,u,v,l,t,r,r,rs,u,t,c,c,p,s,d,r,p,bfiuiayeeetiirhrteeaoididnpvvvadteaoifvtde"{}d{}"{}g{}e{}i{}i{}it{}"{}l{}a{}n{}m{}c{}a{}i{}h{}yl:":c"sssu:etgokus""d:o:iiis"eetyli::_[[dooo"[:dde"toi"[""e"["""n""n""""n:"""""""""""""":"_"n"["""[mvvv"vttt_vf_tttu_vtttu[v:vf:vf:vvlv_vapl]aaaa:aaaataouaaarl[aaaaraaoaoa[aaatalia,gllllrrrilrirrrlolrrrll[lr[lr[llnlrlidneuuu[ugggmumdggg"guggg"uumumuuguaua"g"eeeeeeeeea"eee:"eeee:eeaeaeecenes:c:""""ttts"t:ttt:"ttt""t"t""o"s""o::::___t:"___":___"::":"::d:l::nd[itua:[itu/[itu/::eaue]2"2"dyum"dyux]tdyux"""tf"tttnl"829j"pip2""pix,r"pixN2"2"ra:rirul:961a:ed"0Y:edxu:edxe0Y0Yuluoul,036""":2-""/e""/w2-2-es[enel"8"::3m1::u1::u3m3me_,j6a[--,s,sA----aa9r""1d""e""er1d1df"0tn92\ufrufrt2\2\faio7-\sc/sc/i-\-\e-cd43Te11e11c3T3Tcelea1Hr0"r0"l1H1Ht6e_1T:"b"beT:T:ec"tb0i,1,10i0id3,y27:eeT7:7:"-p0:sffi:s:s:4e-1P--t1P1P7"94"ccl4"4"[2,9:44e::36399"33-5333338-+--++44044003507700ab:55::-c0dd003-0--0089"bb""c5,22,,9a0056661---f044543386bb06449edda566"3116ee0ee411077a11""",,

(Reference) Using JSON:API

Next, let’s also check the results when using JSON:API.

Configuration

First, enable JSON:API in web services.

Next, access /admin/config/services/jsonapi and allow all operations.

Note that if you attempt the POST described below without this configuration, the following error will be returned.

{}"}"]j,esrorn""}o{}avmrpeesirt""sa"}:""""}"}"}:i"ltsdl,s,mo:i[iteioe{nntatnut"{k"}ltak"}"}r""a:sseuisv,icfl""e"sl"ineii:":l:"":af"ln1f"::""o":ee{.{"h"{:h"h""0:rM""r:r{::"ee4J{ee,{ft0Sf{f"7"h5O""x6:o"N::xd,:x"A""/hNPxhctoIxtottxtrpi/pe:Asj://ls/m/lco/ojoonwdswnawuoefpwlndii.ea"g/wsp,un3/iro.j.edosoderor/gngta/a/orPpftrioaio/rcctsmcloraeecctp"o//tlR1so.o/u0nrt/lfi"ycn2gr6/e1Ra6ed/ardofOpcne2lr6ya1Mt6oi-doseneMsce.1t0hS.oihdttFemilla#tdsemeric.n1pi0hs.pt4"r.,a6t"orscanconfigurethisatxxx/admin/config/services/jsonapi.",

Postman

When using JSON:API, create content with JSON data like the following.

{}"}data""}"ta:ytpt{er""it:biut"tlneeos"d":e:-"-{PaargteicTliet"l,e"

The POST URL for creating article type content is:

{path where Drupal is installed}/jsonapi/node/article

Attempting to create content without specifying Authorization yields the same result as before.

{}"""scetoradrteou"rs:_"d:"e4s"0ce1rr"ir,potri"o,n":"MISSINGAUTHORIZATIONHEADER"

When Authorization is specified, content is created as follows.

{}"}"j,dsaotn""}a"""avm"tilpee:ydiirtp"n"sa"}{e:k":i"l"sso:i:""e{nna:l"{k"}"4f:ssn3{""eo3:":ld81f"ea{.{"h-60:r-4"ea-,{fr2"tf:i8c4"l-he4t"6t,8p5:-/9/ajbsfo-n9a5p1i9.ao3rcge/effo0r9m"a,t/1.0/"

Summary

I introduced an example of using an API with the Drupal JWT module.

There may be many aspects that have not been fully considered, but I hope this serves as a reference for using this module.