Caloriosa / caloriosa

Documentation, Wiki, Analysis, issues and reports for Caloriosa
https://caloriosa.com

User/Device authentication #4

Open purrplingcat opened 6 years ago

purrplingcat commented 6 years ago

Related: Following: Source:


Authentication

CRUD operations that require auth access must be given a token. The token is generated by the /auth REST call, or inside the app and obtained from the admin interface (only for devices).

We have 2 types of auth tokens:

Examples & Scenarios

token metadata

# User
token: abcfgh25kbztt0ia6
type: user
created: 2017-11-15 14:22:30 UTC
expire: 2017-11-16 14:22:29 UTC
user_id: 1234567890852654
device_id: null

# Device
token: xyzfg749kbztt1rf2
type: device
created: 2017-11-15 14:22:30 UTC
expire: 2017-11-16 14:22:29 UTC
user_id: null
device_id: 4562589876543210

Example of JSON data for REST call /auth:

User

{
  "login": "purrplingcat",
  "password": "mystrongpassword"
}

Server result - OK

HTTP status: 200 OK

{
  "status": {
    "code": "OK",
    "message": "OK"
  },
  "content": {
    "token": "abcfgh25kbztt0ia6",
    "created": "2017-11-15 14:22:30 UTC",
    "expires": "2017-11-16 14:22:29 UTC"
  }
}

Server result - Invalid credentials

HTTP status: 401 Unauthorized

{
  "status": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid credentials (login, password)"
  }
}

Server result - Authentication failed (internal error)

We sent an authentication request, but the server failed.

Then we get a response:

HTTP status: 500 Bad request

{
  "status": {
    "code": "AUTH_FAILED",
    "message": "Authentication failed"
  }
}

User activation

Request:

POST /users/activate

{
  "status": {
    "code": "OK",
    "message": "OK"
  },
  "content": {
    "activation_token": "XdfgRTf645D.gfwI/*dde024"
  }
}

Response:

HTTP Status: 200 OK

{ 
  "login": "foobazer",
  "email": "foo@bazer.io",
  "active": true
}

In case of failure:

HTTP Status: 400 Bad Request

{
  "status": {
    "code": "INVALID_TOKEN",
    "message": "Your token is not valid"
  }
}

In case of server failure:

HTTP Status: 500 Internal Server Error

{
  "status": {
    "code": "ACTIVATION_FAILED",
    "message": "Activation failed"
  }
}
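
An added example, not part of the original issue and not Caloriosa's own code: a server-side check of the token metadata shown above, enforcing that the owner id matches the token type and that the token is inside its `created`/`expire` window. The function names and the reason strings are assumptions made for illustration; the two records are copied from the issue's examples.

```python
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%d %H:%M:%S UTC"  # timestamp layout used in the issue's examples

def parse_ts(text):
    """Parse '2017-11-15 14:22:30 UTC' into a timezone-aware UTC datetime."""
    return datetime.strptime(text, TS_FORMAT).replace(tzinfo=timezone.utc)

# For each token type: (id field that must be set, id field that must be null).
OWNER_FIELD = {"user": ("user_id", "device_id"), "device": ("device_id", "user_id")}

def check_token(meta, now):
    """Return (principal, None) if the record is usable at `now`, else (None, reason).
    Reason strings are hypothetical, not status codes defined by the issue."""
    fields = OWNER_FIELD.get(meta.get("type"))
    if fields is None:
        return None, "unknown token type"
    owner, other = fields
    # A user token carrying a device_id (or the reverse) is rejected outright,
    # so one token can never act as both kinds of principal.
    if meta.get(owner) is None or meta.get(other) is not None:
        return None, "owner id does not match token type"
    try:
        created, expire = parse_ts(meta["created"]), parse_ts(meta["expire"])
    except (KeyError, ValueError, TypeError):
        return None, "bad timestamp"
    if expire <= created:
        return None, "expiry precedes creation"
    if not (created <= now <= expire):
        return None, "token not valid at this time"
    return (meta["type"], meta[owner]), None

# The two metadata records from the issue, written as dicts.
USER_TOKEN = {"token": "abcfgh25kbztt0ia6", "type": "user",
              "created": "2017-11-15 14:22:30 UTC", "expire": "2017-11-16 14:22:29 UTC",
              "user_id": 1234567890852654, "device_id": None}
DEVICE_TOKEN = {"token": "xyzfg749kbztt1rf2", "type": "device",
                "created": "2017-11-15 14:22:30 UTC", "expire": "2017-11-16 14:22:29 UTC",
                "user_id": None, "device_id": 4562589876543210}

if __name__ == "__main__":
    now = parse_ts("2017-11-15 15:00:00 UTC")  # constructed request time
    for record in (USER_TOKEN, DEVICE_TOKEN):
        print(record["type"], check_token(record, now))
```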