[FEATURE REQUEST] Support for JWT authentication #811

@treoden

Is your feature request related to a problem? Please describe.
Currently, the @evershopcommerce/evershop package does not provide built-in support for JWT (JSON Web Token) authentication. This limits integration options for modern, stateless authentication flows commonly used in APIs and web applications.

Describe the solution you'd like
Add native JWT support for authentication and authorization throughout the Evershop platform. This may include:

  • Middleware for validating JWTs in API requests
  • Utilities for generating and signing tokens
  • Configuration options for secret management and token expiration
  • Integration points for user login and session management using JWTs

Important note about web vs API authentication
We will continue using session-based authentication for the web interface and admin UI to preserve existing UX, CSRF protections, and session management semantics. JWT support is intended primarily for API integration (mobile apps, SPAs calling the API, third-party API consumers) where stateless tokens are more appropriate.

Describe alternatives you've considered

  • Using third-party JWT middleware or plugins, which require additional setup and may not integrate seamlessly.
  • Maintaining custom authentication logic outside of Evershop, leading to fragmented security.

Additional context
JWT support would improve compatibility with single-page apps, mobile clients, and third-party API consumers. It would also help standardize the authentication approach for developers building on Evershop.
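The token utilities and validation step listed under the proposed solution, as an added example that is not part of the original issue and is not EverShop code. It uses only Node's built-in `crypto`; the function names, the choice of HS256 and the secret handling are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// JWTs use unpadded base64url for all three segments.
const b64u = (data) => Buffer.from(data).toString("base64url");
const fromB64u = (s) => Buffer.from(s, "base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();
const nowSec = () => Math.floor(Date.now() / 1000);

// Issue an HS256 token; ttlSeconds is the configured token lifetime.
function signToken(claims, secret, ttlSeconds, now = nowSec()) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const input = `${header}.${payload}`;
  return `${input}.${b64u(hmac(input, secret))}`;
}

// Returns { ok: true, claims } or { ok: false, reason }.
function verifyToken(token, secret, now = nowSec()) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(fromB64u(h).toString("utf8"));
    claims = JSON.parse(fromB64u(p).toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm on the server; the token's own "alg" must not pick the verifier.
  if (header?.alg !== "HS256") return { ok: false, reason: "bad-alg" };
  const expected = hmac(`${h}.${p}`, secret);
  const given = fromB64u(s);
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  // Tokens without a numeric exp are rejected rather than treated as non-expiring.
  if (typeof claims?.exp !== "number" || now >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, claims };
}

// Pull the token out of an "Authorization: Bearer <token>" header value.
function bearerToken(headerValue) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headerValue || "");
  return m ? m[1] : null;
}
```

An API middleware would call `bearerToken` on the request header, pass the result to `verifyToken`, and respond with 401 for any result where `ok` is false.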

Labels: enhancement (New feature or request)

Status: In Progress
