Authentication
The `/users/login` endpoint is used to check a username + password and receive the `access_token` and `refresh_token`.
Send a POST request to the `/users/login` endpoint. This endpoint requires a `username` and `password` in the body.

FOR TESTING PURPOSES ONLY: You can use the following `username` and `password`:

```json
{
  "username": "[email protected]",
  "password": "password"
}
```
If the `username` and `password` match you will receive a `200 OK` status and the following JSON response:

```json
{
  "token_type": "Bearer",
  "expires_in": 31536000,
  "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (this is actually really long)",
  "refresh_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (this is actually really long)"
}
```
The `expires_in` is currently set to 1 year (31536000 seconds). This is too long and will be changed in a future version.
If the user's email is not validated yet, you will receive a `401 Unauthorized` status and this JSON response:

```json
{
  "message": "The email is not validated"
}
```
If the `username` and/or `password` do not match you will receive a `400 Bad Request` status and a JSON response similar to this one:

```json
{
  "error": "invalid_grant",
  "error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
  "hint": "",
  "message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
```
Almost every request needs to be authenticated. These requests do not need to be authenticated:

- `/users/login`
- `/users/register`
- `/users/validation`
- `/events`
- `/events/[id]`
- `mails/verify`
You can authenticate the request via a header in your request. The key should be `Authorization` and the value should be `Bearer {access_token}`.

Attention: `Bearer` has to be capitalized and a single [space] has to be added between `Bearer` and the `access_token`.
Depending on your request, one of the following happens:

- You authorized your request correctly - The request will be successfully executed as expected.
- You didn't authorize your request - You will receive a `401 Unauthorized` status and the following JSON response:

```json
{
  "message": "Unauthenticated."
}
```

- You didn't make a correct API request - You will receive a `405 Method Not Allowed` status and the following JSON response:

```json
{
  "message": "This URL is used as a REST API. This means only API calls are allowed!"
}
```
The `GET /api/users/role` endpoint returns the role of the authenticated user like the example below:

```json
{
  "role": "admin"
}
```
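The login flow, the `Authorization: Bearer {access_token}` header rule and the `/api/users/role` call described above, as an added client example that is not part of this project's code. It assumes a placeholder base URL (the page gives only paths) and maps each documented status code to an outcome; the `send` parameter lets you swap the real HTTP transport for a fake one.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

# Placeholder host: the page documents paths only, not a base URL.
BASE_URL = "https://api.example.invalid"

Response = Tuple[int, dict]  # (HTTP status, parsed JSON body)
Transport = Callable[[str, str, dict, Optional[dict]], Response]


def urllib_transport(method: str, url: str, headers: dict, body: Optional[dict]) -> Response:
    """Real HTTP via urllib. Non-2xx statuses are returned to the caller, not raised."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Content-Type": "application/json", "Accept": "application/json", **headers})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def bearer_header(access_token: str) -> dict:
    """'Bearer' capitalized and exactly one space before the token, as the page requires."""
    return {"Authorization": f"Bearer {access_token}"}


def login(username: str, password: str, send: Transport = urllib_transport) -> dict:
    """POST /users/login and map the documented 200 / 401 / 400 responses to outcomes."""
    status, body = send("POST", BASE_URL + "/users/login", {},
                        {"username": username, "password": password})
    if status == 200 and "access_token" in body:
        return {"ok": True, "access_token": body["access_token"],
                "refresh_token": body["refresh_token"], "expires_in": body["expires_in"]}
    if status == 401:  # account exists but the email is not validated yet
        return {"ok": False, "reason": "email_not_validated", "message": body.get("message")}
    if status == 400 and body.get("error") == "invalid_grant":  # wrong username/password
        return {"ok": False, "reason": "bad_credentials", "message": body.get("message")}
    return {"ok": False, "reason": f"unexpected_{status}", "message": body.get("message")}


def get_role(access_token: str, send: Transport = urllib_transport) -> dict:
    """GET /api/users/role with the bearer header; 401 means the token was not accepted."""
    status, body = send("GET", BASE_URL + "/api/users/role", bearer_header(access_token), None)
    if status == 200:
        return {"ok": True, "role": body.get("role")}
    if status == 401:
        return {"ok": False, "reason": "unauthenticated"}
    return {"ok": False, "reason": f"unexpected_{status}"}
```

Treat the returned `access_token` and `refresh_token` as secrets: never log them, and remember that with `expires_in` at one year a leaked token stays valid until the server revokes it.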