API for Authentication and Authorization
API for Authentication
Create User
POST https://ssl.latest.deflaux-test.appspot.com/auth/v1/user {"userId":"demouser", "email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"}
Successful Response:
HTTP/1.1 201 Created
Missing password or user ID already exists:
HTTP/1.1 400 Bad Request
Update User
PUT https://ssl.latest.deflaux-test.appspot.com/auth/v1/user {"userId":"demouser", "email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"}
Successful Response:
HTTP/1.1 200 OK
Send Change-Password Email
POST https://ssl.latest.deflaux-test.appspot.com/auth/v1/userPasswordEmail {"userId":"demouser"}
Successful Response:
HTTP/1.1 204 NO CONTENT
Initiate Session (Login)
Request:
POST https://ssl.latest.deflaux-test.appspot.com/auth/v1/session {"userId":"demouser", "password":"demouser-pw"}
Successful Response:
HTTP/1.1 201 Created Content-Type: application/json {"displayName":"Demo User","sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}
Error Response, if the user authentication details are incorrect:
HTTP/1.1 400 Bad Request AuthenticationURL: https://ssl.latest.deflaux-test.appspot.com/auth/v1/session Content-Type: application/json {"reason":"Unable to authenticate."}
Session token is valid for a period of time, currently set to 24 hours.
Refresh Token (reset timer)
Request:
PUT https://ssl.latest.deflaux-test.appspot.com/auth/v1/session {"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}
Successful Response:
HTTP/1.1 200 OK
Error Response, if the session token is invalid:
HTTP/1.1 404 Not Found {"reason":"Unable to validate session."}
Terminate Session (Logout)
NOTE: This doesn't work when deployed on AppEngine. Will retest once we make the transition to another platform.
Request:
DELETE https://ssl.latest.deflaux-test.appspot.com/auth/v1/session {"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}
Response:
HTTP/1.1 204 NO CONTENT
Sample commands, issued from cURL:
Create User:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"userId\":\"NEWuser\", \"password\":\"demouser-pw\", \"email\":\"demouser@sagebase.org\", \"firstName\":\"demo\", \"lastName\":\"user\", \"displayName\":\"Demo User\"}" -X POST https://ssl.latest.deflaux-test.appspot.com/auth/v1/user
Update User:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"userId\":\"NEWuser\", \"password\":\"NEWdemouser-pw\", \"email\":\"demouser@sagebase.org\", \"firstName\":\"NEWdemo\", \"lastName\":\"NEWuser\", \"displayName\":\"NEWDemo User\"}" -X PUT https://ssl.latest.deflaux-test.appspot.com/auth/v1/user
Send Change Password Email:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"userId\":\"demouser\"}" -X POST https://ssl.latest.deflaux-test.appspot.com/auth/v1/userPasswordEmail
Login:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"userId\":\"demouser\", \"password\":\"demouser-pw\"}" -X POST https://ssl.latest.deflaux-test.appspot.com/auth/v1/session
Refresh session token:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X PUT https://ssl.latest.deflaux-test.appspot.com/auth/v1/session
Logout:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X DELETE https://ssl.latest.deflaux-test.appspot.com/auth/v1/session
Access repository services anonymously:
curl -H Accept:application/json http://localhost:8080/repo/v1/dataset/test
Access repository services with session token (obtained by logging in):
curl -H Accept:application/json -H sessionToken:AprxPRzpmaPm7FXzV1ik0w00 http://localhost:8080/repo/v1/dataset/test
Authentication of Requests to Platform
Requests shall include a header named "sessionToken" whose value is that returned by the Initiate Session request, above. (The session will timeout eventually, with a nominal duration of 24 hours.)
For requests that fail to be authenticated the response will include the headers:
WWW-Authenticate: authenticate Crowd
and a plain text body: "The token provided was invalid or expired."
API for Authorization
TBD