Page Comparison

...

Create User

POST httphttps://staging-auth.elasticbeanstalk.com/auth/v1/user
{"email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"}

...

HTTP/1.1 400 Bad Request

Update User

PUT httphttps://staging-auth.elasticbeanstalk.com/auth/v1/user
sessionToken:<sessionToken>
{"email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"}

...

Send Change-Password Email

POST httphttps://staging-auth.elasticbeanstalk.com/auth/v1/userPasswordEmail
{"email":"demouser"}

...

Initiate Session (Login)

Request:

POST httphttps://staging-auth.elasticbeanstalk.com/auth/v1/session
{"email":"demouser@sagebase.org", "password":"demouser-pw"}

...

HTTP/1.1 400 Bad Request
AuthenticationURL: httphttps://staging-auth.elasticbeanstalk.com/auth/v1/session
Content-Type: application/json
{"reason":"Unable to authenticate."}

...

Refresh Token (reset timer)

Request:

PUT httphttps://staging-auth.elasticbeanstalk.com/auth/v1/session
{"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}

...

 Note: Sessions initiated by multiple clients for the same user around the same time will receive identical "single sign on" tokens.  Since session termination is linked to the session token, terminating the session for one client via this command will have the side effect of terminating all sessions.  An alternative is for the client simply to delete its own copy of the token.

Request:

DELETE httphttps://staging-auth.elasticbeanstalk.com/auth/v1/session
{"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}

...

Create User:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"firstName\":\"demo\", \"lastName\":\"user\", \"displayName\":\"Demo User\"}" -X POST http https://staging-auth.elasticbeanstalk.com/auth/v1/user

Update User:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"firstName\":\"NEWdemo\", \"lastName\":\"NEWuser\", \"displayName\":\"NEWDemo User\"}" -X PUT http https://staging-auth.elasticbeanstalk.com/auth/v1/user

Send Change Password Email:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\"}" -X POST http https://staging-auth.elasticbeanstalk.com/auth/v1/userPasswordEmail

Login:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"password\":\"demouser-pw\"}" -X POST http https://staging-auth.elasticbeanstalk.com/auth/v1/session

Refresh session token:

curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X PUT http https://staging-auth.elasticbeanstalk.com/auth/v1/session

Logout:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X DELETE http https://staging-auth.elasticbeanstalk.com/auth/v1/session

Access repository services anonymously:
curl -H Accept:application/json httphttps://localhost:8080staging-reposervice.elasticbeanstalk.com/repo/v1/dataset/test

Access repository services with session token (obtained by logging in):
curl -H Accept:application/json -H sessionToken:AprxPRzpmaPm7FXzV1ik0w00 httphttps://localhost:8080staging-reposervice.elasticbeanstalk.com/repo/v1/dataset/test

Authentication of Requests to Platform

...

Get the users who can be added to a resource's ACL

GET httphttps://repositoryservicestaging-reposervice.sagebaseelasticbeanstalk.orgcom/repo/v1/user

[
  {"name":"anonymous","id":"3","creationDate":1307402971000,"uri":null,"etag":null,"individual":true},
  {"name":"foo@sagebase.org","id":"4","creationDate":1307403226000,"uri":null,"etag":null,"individual":true}
]

Get the groups who can be added to a resource's ACL

GET httphttps://repositoryservicestaging-reposervice.sagebaseelasticbeanstalk.orgcom/repo/v1/userGroup

[
  {"name":"Identified Users","id":"1","creationDate":1307141423000,"uri":null,"etag":null,"individual":false},
  {"name":"Federation Group","id":"2","creationDate":1307141423000,"uri":null,"etag":null,"individual":false}
]

...

Returns the ACL for the node responsible for the given node's permissions. Note: In the following example, 'resourceId' is the id of the node to which permissions are attached, either rid or one of rid's ancestors; 'resource_type' is the type of rid (project, dataset, layer, etc.); there is one 'resourceAccess' entry per UserGroup (aka 'principal') having access to the resource; 'userGroupId' is the id of the UserGroup object; 'accessType' is the list of types of access the given UserGroup has to the given resource.

GET httphttps://repositoryservicestaging-reposervice.sagebaseelasticbeanstalk.orgcom/repo/v1/{resource_type}/{rid}/acl

...

Note: This is only used when the resource 'rid' currently inherits its access control list from an ancestor. This request causes 'rid' to cease ACL inheritance and instead use the ACL passed in with the request.

POST httphttps://repositoryservicestaging-reposervice.sagebaseelasticbeanstalk.orgcom/repo/v1/{resource_type}/{rid}/acl
{
 "resourceId":{rid},
 "resourceAccess":[
	{"userGroupId":"4",
	 "accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
	}
 ]
}

...

Note: This is only used when a "resourceId" already specifies its access control list (does not inherit from an ancestor).

PUT httphttps://repositoryservicestaging-reposervice.sagebaseelasticbeanstalk.orgcom/repo/v1/{resource_type}/{rid}/acl
{"id":"1",
 "etag":"0",
 "resourceId":{rid},
 "resourceAccess":[
	{"id":"1",
	 "userGroupId":"4",
	 "accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
	}
 ],
}

...

This deletes the given object's ACL, restoring its dependence on its owner's permissions.

DELETE httphttps://repositoryservicestaging-reposervice.sagebaseelasticbeanstalk.orgcom/repo/v1/{resource_type}/{rid}/acl