Authorization
JSON Web Token (JWT) is an Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key. For example, a server could generate a token that has the claim "logged in as admin" and provide that to a client. The client could then use that token to prove that it is logged in as admin. The tokens can be signed by one party's private key (usually the server's) so that party can subsequently verify the token is legitimate. If the other party, by some suitable and trustworthy means, is in possession of the corresponding public key, they too are able to verify the token's legitimacy. The tokens are designed to be compact, URL-safe, and usable especially in a web-browser single-sign-on (SSO) context. JWT claims can typically be used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.
For authorization, the user must send a POST request to `/api/token-auth` containing their username and password:
```shell
PAYLOAD=$(cat << 'JSON'
{
  "username": "username",
  "password": "password"
}
JSON
)
curl --request POST --header "Content-Type: application/json" --data "$PAYLOAD" https://julia-api-server.codes/api/token-auth
```
In response, if the data is invalid, the server replies with status code 400. Otherwise, the server replies with status code 200 and a JSON body containing a newly generated token:

```json
{
  "token": "<large token>"
}
```
Done! Now, to access API functions that require authentication, the user must provide this key in the request header:
```shell
curl --request <URL-method> --header "Authorization: JWT <access_token>" <api-address>
```
After a certain time, the tokens expire and must be renewed. To renew one, the API user only needs to send a POST request to `/api/token-refresh` containing the current expired token:

```shell
curl --request POST --data "token=<old_token>" https://julia-api-server.codes/api/token-refresh
```
The server responds either with a new token (status code 200) or, if the entire user session has expired, with error 400. In the latter case, you must submit your credentials to `/api/token-auth` again.
To authorize a user through a GitHub account, you need to follow a few simple steps:
- The front-end redirects the user to the social provider's authorize URL with Client ID `b354a414b25ad4caa59f`.
- The user confirms.
- The social provider redirects back to `localhost/auth/github` with the parameter `code`.
- The front-end is now ready to log the user in. To do so, send a POST request to julia containing the code:
```shell
PAYLOAD=$(cat << 'JSON'
{
  "code": "afd91931b4609e3d0423"
}
JSON
)
curl --request POST --header "Content-Type: application/json" --data "$PAYLOAD" https://julia-api-server.codes/api/auth/social/jwt-pair/github
```
The backend will either sign the user in, sign them up, or return an error.
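The front-end side of the GitHub steps above, as an added example that is not code from the page or from julia-api-server: building the authorize redirect, reading `code` back from the callback, and preparing the POST to julia. It uses the Client ID and callback from the page; GitHub's standard authorize endpoint `https://github.com/login/oauth/authorize` and the OAuth `state` parameter are assumptions beyond what the page shows. `state` is a random value the front-end stores before redirecting and compares on return, so a callback that did not originate from this browser session is dropped rather than forwarded to julia.

```python
import json
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# From the page: the app's Client ID and the address the provider redirects back to.
CLIENT_ID = "b354a414b25ad4caa59f"
REDIRECT_URI = "http://localhost/auth/github"
JULIA_SOCIAL_URL = "https://julia-api-server.codes/api/auth/social/jwt-pair/github"
# Assumed (not on the page): GitHub's standard OAuth authorize endpoint.
GITHUB_AUTHORIZE_URL = "https://github.com/login/oauth/authorize"


def new_state() -> str:
    """Random, unguessable value bound to this browser session before the redirect."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str) -> str:
    """Step 1: the URL the front-end sends the user to, carrying the Client ID and callback."""
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI, "state": state}
    return f"{GITHUB_AORIZE_URL_PLACEHOLDER}" if False else f"{GITHUB_AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> Optional[str]:
    """Step 3: extract `code` from the provider's redirect; None if state is missing or mismatched."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    # constant-time compare so the mismatch path leaks nothing about the stored state
    if not secrets.compare_digest(state, expected_state):
        return None
    code = query.get("code", [None])[0]
    return code or None


def julia_login_body(code: str) -> str:
    """Step 4: the JSON body POSTed to julia (same shape as the curl example on the page)."""
    return json.dumps({"code": code})


def julia_login_request(code: str) -> tuple:
    """Everything needed for the POST: URL, headers and body, ready for any HTTP client."""
    return (JULIA_SOCIAL_URL, {"Content-Type": "application/json"}, julia_login_body(code))


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url(state))
    # Constructed callback using the sample code from the page
    sample = f"{REDIRECT_URI}?code=afd91931b4609e3d0423&state={state}"
    code = parse_callback(sample, state)
    print(julia_login_request(code))
```

Whichever of sign-in, sign-up or error julia answers with, the front-end only ever forwards a code that arrived with the state it issued; a callback carrying someone else's code is discarded before any request to julia is made.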