We're going to add a feature that will allow apps to work without the user needing to create or enter a password.

...


POST /v3/auth/email/signIn

auth: no authentication, public endpoint

body:
{ "email": "<email.address>", "study": "<studyId>", "password": "<password>", "token": "<token>" }

returns:
  • 200 with user session
  • 412 with user session
  • 404
    { "statusCode": 404, "entityClass": "Account", "message": "Account not found.", "type": "EntityNotFoundException" }


If the token has been issued, retrieve the user's identity and return a session. Optionally, if a password value has also been submitted, reset the password before returning the session.

...

AuthenticationService

Method: requestEmailSignIn(SignIn signIn) (replaces initiateSessionVerification(String email))
Description:
  1. If functionality disabled, throw EndpointNotFoundException
  2. If email present, throw RateLimitExceededException
  3. create token, store in Redis mapped to email, TTL 1 minute
  4. send email using study template to supplied email address

Method: emailSignIn(CriteriaContext context, SignIn signIn) (replaces verifySession(String email, String password, String token))
Description:
  1. Retrieve token from Redis using email
  2. If email or token missing, or token doesn't match supplied token, throw 404
  3. Update password, if supplied
  4. Delete Redis entry
  5. Return a user session
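
The token lifecycle in the two methods above, as an added Python example (not the project's code). Assumptions: an in-memory dict stands in for Redis, step 2 of the request method is read as "a token is already stored for this email", and the class name, token format, constant-time comparison and session shape are hypothetical.

```python
import hmac
import secrets
import time

class EndpointNotFound(Exception): pass
class RateLimitExceeded(Exception): pass
class NotFound(Exception): pass  # surfaced to the client as the 404 above

class EmailSignInService:  # hypothetical name, not the project's class
    TTL_SECONDS = 60  # "TTL 1 minute"

    def __init__(self, enabled=True, clock=time.monotonic, send_email=None):
        self.enabled = enabled
        self.clock = clock
        self.send_email = send_email or (lambda email, token: None)
        self.store = {}            # email -> (token, expiry); stands in for Redis
        self.password_resets = []  # stands in for the account store

    def _live_token(self, email):
        token, expiry = self.store.get(email, (None, 0))
        if token is not None and expiry <= self.clock():
            del self.store[email]  # emulate Redis key expiry
            return None
        return token

    def request_email_sign_in(self, email):
        if not self.enabled:
            raise EndpointNotFound()
        if self._live_token(email) is not None:  # assumed meaning of "email present"
            raise RateLimitExceeded()
        token = secrets.token_urlsafe(32)  # CSPRNG; token format is an assumption
        self.store[email] = (token, self.clock() + self.TTL_SECONDS)
        self.send_email(email, token)

    def email_sign_in(self, email, token, password=None):
        stored = self._live_token(email)
        # Unknown email, expired token and wrong token all give the same 404.
        if not token or stored is None or not hmac.compare_digest(
                stored.encode(), token.encode()):
            raise NotFound("Account not found.")
        if password:
            self.password_resets.append(email)  # real code would reset the password
        del self.store[email]  # single use: a replayed token finds nothing
        return {"email": email, "authenticated": True}  # constructed session shape
```

Because the entry is deleted only on success, a wrong guess leaves the token valid until the TTL runs out, which is the behaviour the steps above describe.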

...