JSON Web Token (JWT) Vs API Key authentication

[lerina]

Hello, I'm using loco with server-side rendering .
I'm stuck with what to do after user login . I have an admin dashboard pages what should only be
accessible to logged users.

1. Is it correct to think that JSON Web Token (JWT) is for a front-end (json, javascript ) app
   and API Key authentication is more suited for a backend serverside using tera?

2. API Key authentication does it mean I have to create a user entity with login_status and save that and check each time a restricted page is accessed?

thanx :-)

[Lab-8916100448256]

JWT can be used with server side rendering. API key is more for non interactive use cases (automation, ...) than for a specific type of front_end.

However I do not know how to handle the case of redirecting to a login page a user that is not logged in with server side rendering.

[lerina]

JWT can be used with server side rendering. API key is more for non interactive use cases (automation, ...) than for a specific type of front_end.

However I do not know how to handle the case of redirecting to a login page a user that is not logged in with server side rendering.

Thank you for the JWT clarification.
As for rendering, we never get to use format::redirect because auth::JWT returns a JSON before entering in to our handler.

I wonder if a custom middleware the only way to go or Loco already has something for Login/permission access to restricted html pages?

[Lab-8916100448256]

I'm wondering the same.
For now I did implement a custom middleware, based on https://github.com/loco-rs/loco/blob/master/src/controller/middleware/auth.rs , where I have changed the logic so that the extractors never return any error and return structures containing Option