API for Authentication and Authorization
API for Authentication
Create User
Code Block |
---|
POST https://staging-auth.elasticbeanstalk.com/auth/v1/user
{"email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"}
Successful Response:
Code Block |
---|
HTTP/1.1 201 Created
Missing password or user ID already exists:
Code Block |
---|
HTTP/1.1 400 Bad Request
Note: As a side effect this will send an email to the given address, prompting the user to set their password.
Get User
Retrieves the user based on the session token header, which is required. Note: the "password" field will be null, since retrieving a user's password is not permitted.
Code Block |
---|
GET https://staging-auth.elasticbeanstalk.com/auth/v1/user
Code Block |
---|
HTTP/1.1 200 OK
Content-Type: application/json
{
"displayName": "Demo User",
"email": "demouser@sagebase.org",
"firstName": "demo",
"lastName": "user",
"password": null
}
Update User
Code Block |
---|
PUT https://staging-auth.elasticbeanstalk.com/auth/v1/user
sessionToken:<sessionToken>
{"email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"}
where <sessionToken> is that returned by "Initiate Session", below.
Note that the authentication service manages the properties shown (principally the userId and password), while the repository services (below) manage other related user attributes.
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content
Error Response, if the session token is missing or does not match userId:
Code Block |
---|
HTTP/1.1 400 Bad Request
Content-Type: application/json
{"reason":"Not authorized."}
Send Change-Password Email
Code Block |
---|
POST https://staging-auth.elasticbeanstalk.com/auth/v1/userPasswordEmail
{"email":"demouser@sagebase.org"}
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content
If the email address is not in the user database:
Code Block |
---|
HTTP/1.1 400 Bad Request
Note: The email template is in the auth-util package, in the file resetpasswordEmail.txt. The reset link, along with the SMTP parameters, is in the file authutil.properties.
Send Set-API-Password Email
Code Block |
---|
POST https://staging-auth.elasticbeanstalk.com/auth/v1/apiPasswordEmail
{"email":"demouser@sagebase.org"}
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content
If the email address is not in the user database:
Code Block |
---|
HTTP/1.1 400 Bad Request
Note: The email template is in the auth-util package, in the file setAPIpasswordEmail.txt. The reset link, along with the SMTP parameters, is in the file authutil.properties.
Set Password
Code Block |
---|
POST https://staging-auth.elasticbeanstalk.com/auth/v1/userPassword
{"email":"demouser@sagebase.org", "password":"foobar"}
Successful Response:
Code Block |
---|
HTTP/1.1 201 No Content
Note: Session token is required in request header.
Initiate Session (Login)
Request:
Code Block |
---|
POST https://staging-auth.elasticbeanstalk.com/auth/v1/session
{"email":"demouser@sagebase.org", "password":"demouser-pw"}
Successful Response:
Code Block |
---|
HTTP/1.1 201 Created
Content-Type: application/json
{"displayName":"Demo User","sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}
Error Response, if the user authentication details are incorrect:
Code Block |
---|
HTTP/1.1 400 Bad Request
AuthenticationURL: https://staging-auth.elasticbeanstalk.com/auth/v1/session
Content-Type: application/json
{"reason":"Unable to authenticate."}
Session token is valid for a period of time, currently set to 24 hours.
Refresh Token (reset timer)
Request:
Code Block |
---|
PUT https://staging-auth.elasticbeanstalk.com/auth/v1/session
{"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content
Error Response, if the session token is invalid:
Code Block |
---|
HTTP/1.1 404 Not Found
{"reason":"Unable to validate session."}
Terminate Session (Logout)
Note: Sessions initiated by multiple clients for the same user around the same time will receive identical "single sign on" tokens. Since session termination is linked to the session token, terminating the session for one client via this command will have the side effect of terminating all sessions. An alternative is for the client simply to delete its own copy of the token.
Request:
Code Block |
---|
DELETE https://staging-auth.elasticbeanstalk.com/auth/v1/session
{"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}
Response:
Code Block |
---|
HTTP/1.1 204 NO CONTENT
Sample commands, issued from cURL:
Create User:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"firstName\":\"demo\", \"lastName\":\"user\", \"displayName\":\"Demo User\"}" -X POST https://staging-auth.elasticbeanstalk.com/auth/v1/user
Update User:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"firstName\":\"NEWdemo\", \"lastName\":\"NEWuser\", \"displayName\":\"NEWDemo User\"}" -X PUT https://staging-auth.elasticbeanstalk.com/auth/v1/user
Send Change Password Email:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\"}" -X POST https://staging-auth.elasticbeanstalk.com/auth/v1/userPasswordEmail
Login:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"password\":\"demouser-pw\"}" -X POST https://staging-auth.elasticbeanstalk.com/auth/v1/session
Refresh session token:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X PUT https://staging-auth.elasticbeanstalk.com/auth/v1/session
Logout:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X DELETE https://staging-auth.elasticbeanstalk.com/auth/v1/session
Access repository services anonymously:
curl -H Accept:application/json reposervice.elasticbeanstalk.com/repo/v1/dataset/test
Access repository services with session token (obtained by logging in):
curl -H Accept:application/json -H sessionToken:AprxPRzpmaPm7FXzV1ik0w00 https://staging-reposervice.elasticbeanstalk.com/repo/v1/dataset/test
Authentication of Requests to Platform
Requests shall include a header named "sessionToken" whose value is that returned by the Initiate Session request, above. (The session will time out eventually, with a nominal duration of 24 hours.)
For requests that fail to be authenticated the response will include the headers:
WWW-Authenticate: authenticate Crowd
and a plain text body: "The token provided was invalid or expired."
API for Authorization
Get the users who can be added to a resource's ACL
Code Block |
---|
GET https://staging-reposervice.elasticbeanstalk.com/repo/v1/user
Code Block |
---|
[
{"name":"anonymous","id":"3","creationDate":1307402971000,"uri":null,"etag":null,"individual":true},
{"name":"foo@sagebase.org","id":"4","creationDate":1307403226000,"uri":null,"etag":null,"individual":true}
]
Get the groups who can be added to a resource's ACL
Code Block |
---|
GET https://staging-reposervice.elasticbeanstalk.com/repo/v1/userGroup
Code Block |
---|
[
{"name":"Identified Users","id":"1","creationDate":1307141423000,"uri":null,"etag":null,"individual":false},
{"name":"Federation Group","id":"2","creationDate":1307141423000,"uri":null,"etag":null,"individual":false}
]
Note: The "id" fields returned from /user and /userGroup are used in the "userGroupId" fields in the ACLs shown below.
Get Access Control List for a Resource
Returns the ACL for the node responsible for the given node's permissions.
Note: In the following example, 'resourceId' is the id of the node to which permissions are attached, either rid or one of rid's ancestors; 'resource_type' is the type of rid (project, dataset, layer, etc.); there is one 'resourceAccess' entry per UserGroup (aka 'principal') having access to the resource; 'userGroupId' is the id of the UserGroup object; 'accessType' is the list of types of access the given UserGroup has to the given resource.
Code Block |
---|
GET https://staging-reposervice.elasticbeanstalk.com/repo/v1/{resource_type}/{rid}/acl
Code Block |
---|
{"id":"1",
"creationDate":1307141851484,
"uri":null,
"etag":"0",
"createdBy":"admin",
"resourceId":"1",
"resourceAccess":[
{"id":"1",
"userGroupId":"4",
"accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
}
],
"modifiedBy":"admin",
"modifiedOn":1307141851483
}
Create Access Control List for a Resource
Note: This is only used when the resource 'rid' currently inherits its access control list from an ancestor. This request causes 'rid' to cease ACL inheritance and instead use the ACL passed in with the request.
Code Block |
---|
POST https://staging-reposervice.elasticbeanstalk.com/repo/v1/{resource_type}/{rid}/acl
{
"resourceId":{rid},
"resourceAccess":[
{"userGroupId":"4",
"accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
}
]
}
Update Access Control List for a Resource
Note: This is only used when a "resourceId" already specifies its access control list (does not inherit from an ancestor).
Code Block |
---|
PUT https://staging-reposervice.elasticbeanstalk.com/repo/v1/{resource_type}/{rid}/acl
{"id":"1",
"etag":"0",
"resourceId":{rid},
"resourceAccess":[
{"id":"1",
"userGroupId":"4",
"accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
}
]
}
Delete Access Control List for a Resource
This deletes the given object's ACL, restoring its dependence on its owner's permissions.
Code Block |
---|
DELETE https://staging-reposervice.elasticbeanstalk.com/repo/v1/{resource_type}/{rid}/acl
Ask whether there is access to a Resource
Note: The query is asked for the user who is implied by the session token, or 'anonymous' if there is no token.
Code Block |
---|
GET https://staging-reposervice.elasticbeanstalk.com/repo/v1/{resource_type}/{rid}/access?accessType={accessType}
Code Block |
---|
{"result":true}
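The ACL rules described in the sections above (a resource without its own ACL uses the nearest ancestor's, creating an ACL stops inheritance, deleting it restores inheritance) and the access query can be modelled as follows. This is an added example, not the repository service's code; the resource ids, the hierarchy and the representation of a caller as a set of UserGroup ids are assumptions made for illustration.

```python
# Constructed model of the ACL rules described above (not the service's code).
# Assumption: a caller is a set of UserGroup ids (its own id plus its groups).
PARENT = {"109": "105", "105": "100", "100": None}  # layer -> dataset -> project
FULL = ["READ", "CHANGE_PERMISSIONS", "DELETE", "UPDATE", "CREATE"]

# Project 100 and layer 109 own an ACL; dataset 105 inherits from project 100.
ACLS = {
    "100": {"resourceId": "100", "resourceAccess": [
        {"userGroupId": "4", "accessType": FULL},
        {"userGroupId": "1", "accessType": ["READ"]},
    ]},
    "109": {"resourceId": "109", "resourceAccess": [
        {"userGroupId": "4", "accessType": ["READ", "UPDATE"]},
    ]},
}


def effective_acl(rid, acls=ACLS, parent=PARENT):
    """Return the ACL of rid or of its nearest ancestor that owns one."""
    seen = set()
    node = rid
    while node is not None:
        if node in seen:
            raise ValueError("cycle in resource hierarchy at %r" % node)
        seen.add(node)
        if node in acls:
            return acls[node]
        node = parent.get(node)
    return None  # nothing on the path owns an ACL: deny


def has_access(principals, rid, access_type, acls=ACLS, parent=PARENT):
    """Answer the access query for a caller holding the given UserGroup ids."""
    acl = effective_acl(rid, acls, parent)
    if acl is None:
        return False
    return any(
        entry["userGroupId"] in principals and access_type in entry["accessType"]
        for entry in acl["resourceAccess"]
    )


def delete_acl(rid, acls=ACLS):
    """Model of the DELETE request: rid falls back to inheritance."""
    return {k: v for k, v in acls.items() if k != rid}
```

In this model group 1 can read dataset 105 through the project's ACL but not layer 109, because the layer's own ACL replaces the inherited one rather than adding to it.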
More Examples
Add a particular user with full access and identified individuals with read-only access to a project.
Get Request:
Code Block |
---|
curl -H sessionToken:XXXXXXXXXXXXXXXXXX -H Content-Type:application/json -k https://reposvc-alpha.sagebase.org/repo/v1/project/498/acl
Get Response:
Code Block |
---|
{
"id":"3",
"creationDate":1308274656084,
"etag":"0",
"createdBy":"nicole.deflaux@sagebase.org",
"resourceId":"498",
"resourceAccess":[
{
"id":"4",
"userGroupId":"7",
"accessType":[
"DELETE",
"CHANGE_PERMISSIONS",
"UPDATE",
"READ",
"CREATE"
]
}
],
"modifiedBy":"nicole.deflaux@sagebase.org",
"modifiedOn":1308274656084,
"uri":"/repo/v1/project/498/acl"
}
Update Request:
Code Block |
---|
curl -H sessionToken:XXXXXXXXX -H Content-Type:application/json -X PUT -d '{
"id":"3",
"creationDate":1308274656084,
"etag":"0",
"createdBy":"nicole.deflaux@sagebase.org",
"resourceId":"498",
"resourceAccess":[
{
"userGroupId":"1",
"accessType":[
"READ"
]
},
{
"userGroupId":"7",
"accessType":[
"DELETE",
"CHANGE_PERMISSIONS",
"UPDATE",
"READ",
"CREATE"
]
},
{
"userGroupId":"18",
"accessType":[
"DELETE",
"CHANGE_PERMISSIONS",
"UPDATE",
"READ",
"CREATE"
]
}
],
"modifiedBy":"nicole.deflaux@sagebase.org",
"modifiedOn":1308274656084,
"uri":"/repo/v1/project/498/acl"
}' https://reposvc-alpha.sagebase.org/repo/v1/project/498/acl
Update Response:
Code Block |
---|
{
"id":"3",
"creationDate":1308274656084,
"etag":"0",
"createdBy":"nicole.deflaux@sagebase.org",
"resourceId":"498",
"resourceAccess":[
{
"id":null,
"userGroupId":"7",
"accessType":[
"DELETE",
"UPDATE",
"CHANGE_PERMISSIONS",
"READ",
"CREATE"
]
},
{
"id":null,
"userGroupId":"18",
"accessType":[
"DELETE",
"UPDATE",
"CHANGE_PERMISSIONS",
"READ",
"CREATE"
]
},
{
"id":null,
"userGroupId":"1",
"accessType":[
"READ"
]
}
],
"modifiedBy":"nicole.deflaux@sagebase.org",
"modifiedOn":1308274656084,
"uri":"/repo/v1/project/498/acl"
}
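Because the PUT replaces the whole "resourceAccess" list, it helps to compare the fetched ACL with the proposed one before sending it. The following is an added example, not part of the original page or the service: it works on trimmed copies of the Get Response and Update Request above, and the function names and the set of "broad" principal ids (taken from the sample /user and /userGroup listings) are assumptions.

```python
import json

# Trimmed copies of the Get Response and Update Request shown above.
BEFORE = json.loads("""{"id":"3","etag":"0","resourceId":"498","resourceAccess":[
 {"id":"4","userGroupId":"7",
  "accessType":["DELETE","CHANGE_PERMISSIONS","UPDATE","READ","CREATE"]}]}""")
AFTER = json.loads("""{"id":"3","etag":"0","resourceId":"498","resourceAccess":[
 {"userGroupId":"1","accessType":["READ"]},
 {"userGroupId":"7",
  "accessType":["DELETE","CHANGE_PERMISSIONS","UPDATE","READ","CREATE"]},
 {"userGroupId":"18",
  "accessType":["DELETE","CHANGE_PERMISSIONS","UPDATE","READ","CREATE"]}]}""")

# Assumption: ids of broad principals as they appear in the sample listings
# (Identified Users = 1, Federation Group = 2, anonymous = 3).
BROAD_PRINCIPALS = {"1", "2", "3"}
READ_ONLY = {"READ"}


def grants(acl):
    """Map userGroupId -> set of access types, merging duplicate entries."""
    out = {}
    for entry in acl.get("resourceAccess", []):
        out.setdefault(entry["userGroupId"], set()).update(entry["accessType"])
    return out


def review_change(before, after):
    """Return (added, removed, findings) for a proposed ACL replacement."""
    if before["resourceId"] != after["resourceId"]:
        raise ValueError("ACL documents refer to different resources")
    old, new = grants(before), grants(after)
    added = {g: new[g] - old.get(g, set()) for g in new if new[g] - old.get(g, set())}
    removed = {g: old[g] - new.get(g, set()) for g in old if old[g] - new.get(g, set())}
    findings = []
    for gid, types in sorted(added.items()):
        if gid in BROAD_PRINCIPALS and types - READ_ONLY:
            findings.append("broad principal %s gains %s" % (gid, sorted(types - READ_ONLY)))
    if not any("CHANGE_PERMISSIONS" in t for t in new.values()):
        findings.append("no principal keeps CHANGE_PERMISSIONS")
    return added, removed, findings
```

For the update shown above the review reports READ added for group 1 and full access added for principal 18, with nothing removed and no findings.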