Server Side Swift with Vapor - Part 28: API | Ray Wenderlich

Learn how to protect APIs with authentication using both HTTP Basic Authentication and Token Authentication.

This is a companion discussion topic for the original entry at

Hi @0xtim… it’s me again … I’m on Vapor Framework: 3.0.0-rc.2.2.3 now and getting this error. Standar procedure of vapor update, brew upgrade vapor and rm -rf .build/ *.xcodeproj/ Package.resolved && vapor xcode -y were done.

@vinamelody check out the gist for the latest changes. Once Vapor 3.0.0 is out (probably early next week) I’ll rerecord all the parts that need changing and update the projects

Thanks! it’s back to good now :slight_smile:

1 Like

Also, make sure you increase the timeout preference in rested settings … I was timing out with a connection reset erroNo:54 until I did this… after changing teh time out value it worked but man was it slow…23%20PM

@jbrown36301 is this specifically for logging in? Looks like there may have been a regression with the BCrypt cost and hashing is taking a long time. Though 20s is way too long! I’ll take a look.

If it’s not logging in, let me know because it shouldn’t take that long at all!

@0xtim, @jbrown36301Unfortunately mine takes a while logging in as well otherwise, creating acronyms are lighting fast

@izzywizz @jbrown36301 yeah this looks like a regression in BCrypt - it’s been captured here BCrypt Regression · Issue #50 · vapor/open-crypto · GitHub

@0xtim Ahhh yeah, hmmm 25s does seem excessive but I guess it does take awhile to hash

@izzywizz it shouldn’t take that long unless you want REALLY secure passwords! It’s past the point of being usable.

However it’s an issue with Swift debug vs release builds - on release it’s actually fine. There’s a fix in the issue linked above, I’ll add it to the video re-records

@0xtim You are right that does seem a tad extreme haha but it’s cool that it doesn’t happen in release though.

@0xtim There seem to have been some recent changes to the Auth (2.0.0-rc.4) package that are causing issues with token authentication.

  1. typealias UserIDType = UUID needs to be added to the Token: Authentication.Token extension in Token.swift
  2. There is an error in User.swift stating that Type 'User' does not conform to protocol 'TokenAuthenticatable'. I haven’t been able to figure this one out yet. It looks like there may be a new function in the protocol, authenticate, that needs to be implemented. Can you provide some assistance with this?


Just to clear this up you should just need to add a type alias to UserIDType to your Token. E.g.

extension Token: Authentication.Token {
  static let userIDKey: UserIDKey = \Token.userID
  typealias UserType = User
  typealias UserIDType = User.ID

I’ve raised it here

And to clarify my previous post, point 2 was simply an Xcode issue. Doing a clean and build, cleared the error. Thanks for the response.

How do we authenticate if we’re just using something like curl to test out the API calls? I tried calling my login method from the web controller with the -c cookie-jar.txt option to curl, and I see that it does in fact write out a cookie file.

But now when I make my POST to the API and add the -b cookie-jar.txt to curl, I’m still getting a 401 error from the API.

For curl you can use the API login fuction to get a token and then send that token as header in the next requests. The API uses the tokens, only the web uses cookies

“Palm, this is your forehead. Forehead, meet your palm”