JWT Test Server

Server is running with cookie domain: .polyanalitika.ru

Test Users:

Endpoints:

GET /login

Login form - returns JWT token in header, cookie, and response body

POST /login - Accepts any credentials, uses username as JWT subject

GET /info

Returns user info and permissions. Requires valid Authorization header.

Header: Authorization: Bearer <token>

Checks that token is the last issued token for that user.

GET /tokens

List all last issued tokens (debug endpoint)

GET /verify

Verify a token. Requires Authorization header.

Example API Calls:


# 1. Login as admin
curl -X POST http://localhost:5001/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "any"}'

# 2. Use the token to get info
curl -X GET http://localhost:5001/info \
  -H "Authorization: Bearer <token_from_step_1>"

# 3. Login as user10 (will invalidate admin's previous token for /info endpoint)
curl -X POST http://localhost:5001/login \
  -H "Content-Type: application/json" \
  -d '{"username": "user10", "password": "any"}'

# 4. Get user10's info
curl -X GET http://localhost:5001/info \
  -H "Authorization: Bearer <token_from_step_3>"
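
The /info rule above ("token is the last issued token for that user") is a stateful check layered on top of ordinary signature and expiry validation. The sketch below is an added example, not this server's own code. It assumes HS256 with a constructed secret, an in-memory dict keyed by username, and hypothetical helper names (issue, verify, info).

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a server-side secret
last_issued = {}                     # username -> last token issued to that user

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return _b64(mac).encode()

def issue(username: str, ttl: int = 300) -> str:
    """Mint a token with sub=username and record it as that user's latest."""
    now = int(time.time())
    claims = {"sub": username, "iat": now, "exp": now + ttl,
              "jti": secrets.token_hex(8)}  # jti makes every token unique
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    token = f"{head}.{body}.{_sign(head + '.' + body).decode()}"
    last_issued[username] = token
    return token

def verify(token: str) -> dict:
    """Stateless check: structure, signature, algorithm, expiry."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    if not hmac.compare_digest(sig.encode(), _sign(head + "." + body)):
        raise ValueError("bad signature")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= time.time():
        raise ValueError("token expired")
    return claims

def info(token: str) -> dict:
    """Stateful check on top of verify(): only the user's last token passes."""
    claims = verify(token)
    current = last_issued.get(claims["sub"], "")
    if not hmac.compare_digest(current.encode(), token.encode()):
        raise PermissionError("token superseded by a newer login")
    return claims
```

A superseded token still passes verify() until it expires, so any endpoint that should honour the newer login has to go through the stateful path.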