
Authentication usage

José Bonnet edited this page Mar 28, 2018 · 9 revisions

This page details the authentication-related endpoints of the SONATA Gatekeeper API. This part of the Gatekeeper API is closely tied to the Gatekeeper's User Management module, which is responsible for authentication and authorization. More details about that module are on the User Management API page.

/users

POST

  • Request:
curl -X POST <base URL>/users \
  -d '{"username":"myself", "password":"1234", "user_type": "developer", "email": "[email protected]"}'

The username must not already exist in the system. The fields shown in the request are all mandatory. Optional fields are: first_name, last_name, phone_number, certificate and public_key.

  • Response:
{
    "created_at": "2017-08-25T13:17:22+00:00", 
    "email": "[email protected]", 
    "user_type": "developer", 
    "username": "myself", 
    "uuid": "cb2790f8-bdd5-4293-8a77-bc570714f535"
}

GET

  • Request:
curl -X GET <base URL>/users -H 'authorization:bearer <token>'
  • Response:

When the authorization token used belongs to a user of type admin, a list of all users is returned.

[
    {
        "created_at": "2017-08-25T13:16:12+00:00", 
        "email": "[email protected]", 
        "first_name": "Demo", 
        "last_name": "User", 
        "user_type": "developer", 
        "username": "mydemo", 
        "uuid": "c4584602-090e-4f05-9022-4ebfa88508d8"
    }, 
    {
        "created_at": "2017-08-25T13:16:07+00:00", 
        "email": "[email protected]", 
        "first_name": "Admin", 
        "last_name": "Default", 
        "user_type": "admin", 
        "username": "myadmin", 
        "uuid": "d60af432-25bd-47b9-83f2-4396e3b202f2"
    }, 
    {
        "created_at": "2017-08-25T13:17:22+00:00", 
        "email": "[email protected]", 
        "user_type": "developer", 
        "username": "myself", 
        "uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
    }
]

When the authorization token used belongs to a user created with type developer or customer, only that user's own data is returned.

{
    "created_at": "2017-08-25T13:17:22+00:00", 
    "email": "[email protected]", 
    "user_type": "developer", 
    "username": "myself", 
    "uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}

PUT

  • Request:
curl -X PUT <base URL>/users -H 'authorization:bearer <token>' \
  -d '{"username":"myself", "password":"9876", "user_type": "customer", "email": "[email protected]"}'

The username cannot be changed.

  • Response:
{
    "created_at": "2017-08-25T13:17:22+00:00", 
    "email": "[email protected]", 
    "user_type": "customer", 
    "username": "myself", 
    "uuid": "cb2790f8-bdd5-4293-8a77-bc570714f535"
}

OPTIONS

  • Request:
curl -X OPTIONS <base URL>/users -H 'authorization:bearer <token>'
  • Response:
<empty>

/users/<user_uuid>

GET

  • Request:
curl -X GET <base URL>/users/<user_uuid> -H 'authorization:bearer <token>'
  • Response:

When the authorization token used belongs to a user of type admin, the requested user's data is returned, whichever user it belongs to. Otherwise, the calling user's own data is returned.

{
    "created_at": "2017-08-25T13:17:22+00:00", 
    "email": "[email protected]", 
    "user_type": "developer", 
    "username": "myself", 
    "uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}
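The rules documented above for POST /users (mandatory and optional fields, unique username), GET /users (admin sees everyone, developer or customer sees only themselves), GET /users/&lt;user_uuid&gt; and PUT /users (immutable username) are the kind of checks a Gatekeeper deployment should be able to unit-test in isolation. The block below is an added example, not Gatekeeper code: it expresses those rules as plain functions over an in-memory store. The user records, uuids and e-mail addresses are constructed placeholders shaped like the page's responses.

```python
"""Added example, not SONATA Gatekeeper code: the validation and access rules
this page documents for /users, written as plain functions over an in-memory
store so they can be tested without a server. Records are constructed samples."""

MANDATORY = {"username", "password", "user_type", "email"}
OPTIONAL = {"first_name", "last_name", "phone_number", "certificate", "public_key"}
USER_TYPES = {"admin", "developer", "customer"}

# Constructed store keyed by uuid (placeholder uuids; no password column is kept here,
# a real store holds only a password hash, never the value sent in the request).
USERS = {
    "uuid-admin": {"uuid": "uuid-admin", "username": "myadmin", "user_type": "admin",
                   "email": "admin@example.invalid", "created_at": "2017-08-25T13:16:07+00:00"},
    "uuid-demo": {"uuid": "uuid-demo", "username": "mydemo", "user_type": "developer",
                  "email": "demo@example.invalid", "created_at": "2017-08-25T13:16:12+00:00"},
    "uuid-self": {"uuid": "uuid-self", "username": "myself", "user_type": "developer",
                  "email": "myself@example.invalid", "created_at": "2017-08-25T13:17:22+00:00"},
}


def field_errors(body):
    """Shared field checks: only documented fields, and a known user_type if given."""
    errors = []
    unknown = sorted(set(body) - MANDATORY - OPTIONAL)
    if unknown:
        errors.append(f"unknown fields: {unknown}")
    if "user_type" in body and body["user_type"] not in USER_TYPES:
        errors.append(f"invalid user_type: {body['user_type']!r}")
    return errors


def create_errors(body, store):
    """POST /users: the four documented fields are mandatory, only the listed
    optional fields are accepted, and the username must not already exist.
    Returns a list of error strings; an empty list means the request is valid."""
    errors = []
    missing = sorted(MANDATORY - set(body))
    if missing:
        errors.append(f"missing mandatory fields: {missing}")
    errors.extend(field_errors(body))
    if any(u["username"] == body.get("username") for u in store.values()):
        errors.append("username already exists")
    return errors


def list_users(requester, store):
    """GET /users: an admin token lists everyone; a developer or customer token
    gets only that user's own record (note the shape differs: list vs. object)."""
    if requester["user_type"] == "admin":
        return [dict(u) for u in store.values()]
    return dict(store[requester["uuid"]])


def get_user(requester, user_uuid, store):
    """GET /users/<user_uuid>: an admin gets the requested record (None if absent);
    any other caller gets their own record, as the page documents."""
    if requester["user_type"] == "admin":
        record = store.get(user_uuid)
        return dict(record) if record is not None else None
    return dict(store[requester["uuid"]])


def update_errors(requester, body, store):
    """PUT /users: same field rules as create, and the username is immutable."""
    current = store[requester["uuid"]]
    errors = []
    if body.get("username") != current["username"]:
        errors.append("username cannot be changed")
    errors.extend(field_errors(body))
    return errors


if __name__ == "__main__":
    print(create_errors({"username": "myself", "password": "x",
                         "user_type": "developer", "email": "e"}, USERS))
    print(list_users(USERS["uuid-self"], USERS))
```

A client calling GET /users should branch on the response type (`list` for admin, `dict` for other users) rather than assume one shape; the functions above return exactly those two shapes so the difference is visible in tests.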

/users/<user_name>/user-public-key

PATCH

  • Request:
curl -X PATCH <base URL>/users/<user_name>/user-public-key -H 'authorization:bearer <token>' \
  -d '{"public-key":"..."}'
  • Response:
{
    "created_at": "2017-08-25T13:17:22+00:00", 
    "email": "[email protected]",
    "public-key": "...",
    "user_type": "developer", 
    "username": "myself", 
    "uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}

/users/public-key

GET

Obtains the User Management module Public Key.

  • Request:
curl -X GET <base URL>/users/public-key
  • Response:

When the authorization token used belongs to a user of type admin, the requested data is returned, whatever the user it belongs to. Otherwise, the user's data is returned

{
    "created_at": "2017-08-25T13:17:22+00:00", 
    "email": "[email protected]", 
    "user_type": "developer", 
    "username": "myself", 
    "uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}

/sessions

A user may have several valid sessions at the same time.

POST

Creates a session (i.e., logs in).

  • Request:
curl -X POST <base URL>/sessions -d '{"username":"myself", "password":"1234"}'
  • Response:
{
    "session_began_at": "2017-08-25 14:16:09 UTC", 
    "token": {
        "access_token": "...", 
        "expires_in": 1200, 
        "not-before-policy": 0, 
        "refresh_expires_in": 1800, 
        "refresh_token": "...", 
        "session_state": "c8242f9c-8333-4a6c-84ff-2158bd6d2709", 
        "token_type": "bearer"
    }, 
    "username": "myself"
}

DELETE

Destroys the session (i.e., logs out).

  • Request:
curl -X DELETE <base URL>/sessions -H 'authorization:bearer <token>'
  • Response:
<empty>
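The POST /sessions response above carries two lifetimes, expires_in for the access token and refresh_expires_in for the refresh token, plus the session start time. A client that keeps using the access token past expires_in will start getting rejected calls, so it should track the expiry itself. The block below is an added example, not SONATA code: it parses a response constructed in the documented shape (token values are placeholders), derives both expiry instants, and refuses to build the authorization header once the access token has expired. The page documents no refresh endpoint, so the example only reports when the refresh token is still within its lifetime; it does not call one.

```python
"""Added example, not SONATA code: parse the documented POST /sessions response
and track access-token and refresh-token lifetimes on the client side.
The sample response is constructed from the page; token values are placeholders."""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample in the documented shape (field names as on the page).
SAMPLE_LOGIN_RESPONSE = json.dumps({
    "session_began_at": "2017-08-25 14:16:09 UTC",
    "token": {
        "access_token": "ACCESS_TOKEN_PLACEHOLDER",
        "expires_in": 1200,
        "not-before-policy": 0,
        "refresh_expires_in": 1800,
        "refresh_token": "REFRESH_TOKEN_PLACEHOLDER",
        "session_state": "c8242f9c-8333-4a6c-84ff-2158bd6d2709",
        "token_type": "bearer",
    },
    "username": "myself",
})


def parse_began_at(text: str) -> datetime:
    """session_began_at is 'YYYY-MM-DD HH:MM:SS UTC'; return a tz-aware datetime."""
    if not text.endswith(" UTC"):
        raise ValueError(f"unexpected session_began_at format: {text!r}")
    naive = datetime.strptime(text[:-4], "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Session:
    username: str
    began_at: datetime
    access_token: str
    refresh_token: str
    token_type: str
    expires_in: int
    refresh_expires_in: int

    @classmethod
    def from_response(cls, body: str) -> "Session":
        data = json.loads(body)
        tok = data["token"]
        if str(tok["token_type"]).lower() != "bearer":
            raise ValueError("only bearer tokens are documented for this API")
        for key in ("expires_in", "refresh_expires_in"):
            if not isinstance(tok[key], int) or tok[key] <= 0:
                raise ValueError(f"{key} must be a positive integer")
        return cls(username=data["username"],
                   began_at=parse_began_at(data["session_began_at"]),
                   access_token=tok["access_token"], refresh_token=tok["refresh_token"],
                   token_type="bearer", expires_in=tok["expires_in"],
                   refresh_expires_in=tok["refresh_expires_in"])

    @property
    def access_expires_at(self) -> datetime:
        return self.began_at + timedelta(seconds=self.expires_in)

    @property
    def refresh_expires_at(self) -> datetime:
        return self.began_at + timedelta(seconds=self.refresh_expires_in)

    def status(self, now: datetime) -> str:
        """'active': access token usable; 'access_expired': only the refresh token
        is still within its lifetime; 'expired': log in again with POST /sessions."""
        if now < self.access_expires_at:
            return "active"
        if now < self.refresh_expires_at:
            return "access_expired"
        return "expired"

    def status_after(self, seconds: int) -> str:
        """Status at began_at + seconds (convenience for tests and scripts)."""
        return self.status(self.began_at + timedelta(seconds=seconds))

    def authorization_header(self, now: datetime) -> dict:
        """The header every authenticated call on this page sends; refuses an
        access token that is no longer within expires_in."""
        state = self.status(now)
        if state != "active":
            raise RuntimeError(f"access token not usable (status={state})")
        return {"authorization": f"{self.token_type} {self.access_token}"}


if __name__ == "__main__":
    s = Session.from_response(SAMPLE_LOGIN_RESPONSE)
    print(s.authorization_header(s.began_at))
    for offset in (0, 1199, 1200, 1800):
        print(offset, s.status_after(offset))
```

Treating expiry as a strict `now < expires_at` comparison errs on the side of re-authenticating a second early rather than sending a token the server will reject; a DELETE /sessions call on logout should still be made while the token is active, since the page shows it requires the bearer header.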