Working on Strapi version: v4..
- Install as an npm dependency
# install dependencies
npm install simple-strapi-auth
- Check the below api's to generate token and refresh token
# Access token generation CURL
curl --location 'http://localhost:1337/simple-auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic bXlDbGllbnRJZDpteUNsaWVudFNlY3JldA==' \
--data-urlencode 'grant_type=client_credentials'
# Refresh Token generation Curl
curl --location 'http://localhost:1337/simple-auth/refresh-token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer b323177e47a266abc2d5d9cd42c08dcccdb9e365' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id=myClientId1' \
--data-urlencode 'client_secret=myClientSecret' \
--data-urlencode 'refresh_token=b323177e47a266abc2d5d9cd42c08dcccdb9e365'
# Static Builds API call
curl --location --globoff 'http://localhost:1337/api/countries' \
--header 'x-csrf-token: randomCSRFToken' \
--header 'Authorization: Bearer randomCSRFToken'
- Please replace appropriate token and Basic auth values to generate access token.
- For nextJS static builds, use x-csrf-token in header and same token to be sent in the authorisation header which will be generated using a secret key from .env file
X_CSRF_SECRET = "randomString"
- Currently only designed to prevent unauthorized access to strapi public apis
- Works entirely on the principle of OAuth Client Credentials.