Change login request from POST to GET

Question

Change login request from POST to GET

honkskillet opened this issue 4 years ago · 4 comments

Conceptually this makes more sense as a GET request as you are getting a JWT for the front end. More importantly, popular http libraries like axios will generate the auth header for you easily if you are using a GET. See my stackoverflow question and answer here https://stackoverflow.com/questions/62730511/axios-equivalent-of-curl-u-flag

Answer 1 · 2020-07-05T15:19:49.000Z

Hi @honkskillet . Thanks for the suggestion.

IMO JWT generation resembles CREATE in the traditional REST definition. Using POST looks more REST-compliant (though I agree it's arguable).
Also, making changes due to one specific frontend library is not something we usually do in this generator.

Answer 2 · 2020-07-05T17:23:24.000Z

Looking into it more deeply there are security reasons not to use GET, so POST is correct. Maybe some beefed up documentation in the readme then? Most people won't actually be using CURL with this library.

@pedro-victor I can add some more axios documentation to the readme. Can you accept pull requests?

Answer 3 · 2020-07-05T17:34:26.000Z

Looking into it more deeply there are security reasons not to use GET, so POST is correct. Maybe some beefed up documentation in the readme then? Most people won't actually be using CURL with this library.

I forgot to mention that as well.

@pedro-victor I can add some more axios documentation to the readme. Can you accept pull requests?

I do but since we don't have a lot of documentation apart from what's in README.md this first approach on showcasing frontend libraries might be up to @diegohaz on where to put it.
I'm in favor of having these examples in a webpage/wiki instead of the repo so it could move faster than the PR approval process.

What do you think, @diegohaz ?

I'd love to write about creating microservices from this generator. I have created 50+ microservices from it and this generator is awesome for that use case too.

Answer 4 · 2020-07-05T21:22:34.000Z

Wiki sounds nice! I've enabled the wiki section on this repo. I guess anyone can edit, but let me know if you need any additional permission. I'm also curious to learn more about that microservices approach. :)