Need stable API for login and reading current user profile


#1

Hi, I would like to integrate my application with auth api provided by AS. The user.proto does not provide enough functionality for that. Internal.proto contains what I need (Login, Profile), but as the name suggests, it is intended for internal usage. Is this API unsafe/unstable? Will parts of it be migrated to other proto files? I could be reading the database directly but that would be even worse. The app provides additional services like persistence, but core remains AS. It might be an overkill to duplicate the auth completely.


#2

As you already mentioned, the internal.proto / /api/internal endpoints are for internal use only (web-interface) and might change any time. It would be better to generate your own JWT tokens (already covered in other topics on the forum). See also: https://www.loraserver.io/lora-app-server/integrate/auth/.


#3

Thanks for quick answer, generating my own JWT is not an issue. However maintaining a mapping between users, organizations, apps and devices is already done on AS so I see little point in duplicating the security checks. I might maintain user-password relation but after user login, I cannot find an easy way to list organizations (I could list all organizations and its users but that seems cumbersome)