ShaneMaglangit/axie-graphql-documentation

Authentication

lopermo opened this issue · 3 comments

Hey man, I wanted to ask you if you know how to currently generate a valid JWT token for authenticated requests.
I found a couple interesting endpoints, but I can only get my info using my own JWT token from the client.

Any idea how to implement other users' log in so that I can authenticate their requests? Or is that totally unsafe?

You may use the following operation.

{
    "operationName": "CreateAccessToken",
    "variables": {
        "email": "email",
        "password": "password"
    },
    "query": "mutation CreateAccessToken($email: String!, $password: String!) {\n  createAccessToken(email: $email, password: $password) {\n    result\n    accessToken\n    __typename\n  }\n}\n"
}

To use this operation, you would also need to have a captcha-token in your header for this to work.

How do we get the captcha-token?

I haven't worked with the authenticated queries for this endpoint. However, I assume that there are two ways to get the auth token:

Either through the CreateAccessToken operation, which would require a captcha token. Captchas are designed for human interaction, so you're most likely not going to be able to do this programmatically without beating the Captcha itself.

A more plausible way is to have the user log in on their Ronin account and get the token that should be stored in the memory of their browsers. You'd just have to sign in with a random message with the private key using this.