
Authentication

larsverp edited this page May 22, 2020 · 5 revisions

The /users/login endpoint is used to check a username + password and receive the access_token and refresh_token.

🔑 Get access_token

Send a POST request to the /users/login endpoint. This endpoint requires a username and password in the body.

FOR TESTING PURPOSES ONLY: You can use the following username and password:

{
    "username":"[email protected]",
    "password":"password"
}

✔️ On success:

If the username and password match you will receive a 200 OK status and receive the following JSON response:

{
    "token_type": "Bearer",
    "expires_in": 31536000,
    "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx(this is actually really long)",
    "refresh_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx(this is actually really long)"
}

The expires_in value is in seconds and is currently set to 1 year (31536000 seconds). This is too long and will be changed in a future version.

❌ No success:

If the user's email is not validated yet, you will receive a 401 Unauthorized status and this JSON response:

{
    "message": "The email is not validated"
}

If the username and/or password do not match, you will receive a 400 Bad Request status and a JSON response similar to this one:

{
    "error": "invalid_grant",
    "error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
    "hint": "",
    "message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}

🔐 How to authenticate a request:

Almost every request needs to be authenticated.

These requests do not need to be authenticated:

  • /users/login
  • /users/register
  • /users/validation
  • /events
  • /events/[id]
  • mails/verify

You authenticate a request by adding a header to it.

The header name must be Authorization.

The header value must be Bearer {access_token}.

Attention: Bearer has to be capitalized, and exactly one [space] separates Bearer from the access_token.

✔️ On success:
  • The request will be successfully executed as expected.
❌ Errors:
  • You didn't authorize your request - You will receive a 401 Unauthorized status and the following JSON response:
{
    "message": "Unauthenticated."
}
  • You didn't make a correct API request - You will receive a 405 Method Not Allowed status and the following JSON response:
{
    "message": "This URL is used as a REST API. This means only API calls are allowed!"
}

😃 How to request the user's role:

The GET /api/users/role endpoint returns the role of the authenticated user, like the example below:

{
    "role": "admin"
}
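The whole flow described on this page (login with its three documented outcomes, building the Authorization header, and calling the role endpoint) as an added client-side example; this is not the project's own code. It assumes a `transport` callable standing in for the HTTP library, and the `fake_transport` at the bottom replays the responses shown above with constructed sample accounts (`test@example.com`, `unvalidated@example.com`) so it runs offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple
# A transport takes (method, path, headers, json_body) and returns (http_status, json_body).
Transport = Callable[[str, str, Dict[str, str], dict], Tuple[int, dict]]

class AuthError(Exception):
    """Raised for the non-200 outcomes the page documents; args are (http_status, message)."""
@dataclass
class Tokens:
    access_token: str
    refresh_token: str
    expires_in: int  # seconds (31536000 = one year, as the page notes)

def login(transport: Transport, username: str, password: str) -> Tokens:
    """POST credentials to /users/login and map the three documented outcomes."""
    status, body = transport("POST", "/users/login", {}, {"username": username, "password": password})
    if status == 200 and body.get("token_type") == "Bearer":
        return Tokens(body["access_token"], body["refresh_token"], int(body["expires_in"]))
    # 401 -> email not validated yet; 400 -> invalid_grant (username/password do not match)
    raise AuthError(status, body.get("message") or body.get("error", "unknown error"))

def auth_header(access_token: str) -> Dict[str, str]:
    """The header the page requires: capitalized 'Bearer', one space, then the token."""
    return {"Authorization": "Bearer " + access_token}

def is_valid_auth_header(value: str) -> bool:
    """Server-side view of the same rule: rejects 'bearer x', 'Bearer  x' (two spaces) and a bare token."""
    parts = value.split(" ")
    return len(parts) == 2 and parts[0] == "Bearer" and parts[1] != ""

def get_role(transport: Transport, tokens: Tokens) -> str:
    # GET /api/users/role with the Bearer header; a missing/malformed header yields 401 "Unauthenticated."
    status, body = transport("GET", "/api/users/role", auth_header(tokens.access_token), {})
    if status != 200:
        raise AuthError(status, body.get("message", ""))
    return body["role"]

# Constructed fake transport that replays the responses shown on this page, so this runs offline.
def fake_transport(method: str, path: str, headers: Dict[str, str], body: dict) -> Tuple[int, dict]:
    if method == "POST" and path == "/users/login":
        if body.get("username") == "unvalidated@example.com":  # constructed sample account
            return 401, {"message": "The email is not validated"}
        if body.get("username") == "test@example.com" and body.get("password") == "password":
            return 200, {"token_type": "Bearer", "expires_in": 31536000, "access_token": "access-xxx", "refresh_token": "refresh-xxx"}
        return 400, {"error": "invalid_grant", "message": "The provided authorization grant ... is invalid"}
    if method == "GET" and path == "/api/users/role":
        if is_valid_auth_header(headers.get("Authorization", "")):
            return 200, {"role": "admin"}
        return 401, {"message": "Unauthenticated."}
    return 405, {"message": "This URL is used as a REST API. This means only API calls are allowed!"}
```

Swap `fake_transport` for a thin wrapper around your HTTP client to use it against the real API; the mapping of status codes to outcomes stays the same.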