Open BethanyG opened 3 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Still open.
Now that we'e decided to implement a Registration and Login flow and re-organize our auth endpoints (PR #187), post-merge we'll need to update our documentation to show the endpoint & functionality changes:
api/v1/auth/verify-email/
endpoint, which will flag the email as "valid" in the DB.password reset
emails. Password reset emails will contain a UID and TOKEN. A POST to/api/v1/auth/password/reset/confirm/
with:will reset the user password associated with the UID.
Current Endpoints after PR #187 is merged:
Django Admin Interface and Login:
/admin/
(to login to the admin interface with superuser credentials)Obtaining JWT tokens:
api/v1/auth/token
(obtain an access & refresh token pair),api/v1/auth/verify
(verify the validity of a refresh or access token),api/v1/refresh
(obtain new access toke by using non-expired refresh token)The length of time
access
andrefresh
tokens remain valid can be configured inconfig/settings/base.py
by adding aSIMPLE_JWT={}
dictionary of values. please note: this project does not currently use SLIDING_TOKEN, only ACCESS_TOKEN and REFRESH_TOKEN current defaults from the library are:Registration/Login/Logout/password reset:
api/v1/auth/registration/
(on submit, triggers a validation email to the email address a user enters)api/v1/auth/verify-email/
(POST a user's HMC email key for validating their email)api/v1/auth/login/
(Requires a validated email in order to sign in)api/v1/auth/logout/
(Clear tokens from currently logged in user)api/v1/auth/password/reset/
(if POST-ed to with an email, will send a password reset email to the POSTED email)api/v1/auth/password/reset/confirm/
(if POST-ed to with the UID & TOKEN from the reset email & new password, will reset the password for the UID POSTED)User Details & current_user:
api/v1/auth/user/
(to view currently logged in User Details)api/v1/auth/current_user
(to view currently logged in User minus their email address)Viewing and Creating Resources:
api/v1/resources/
(GET view a list of resources available. No auth required.)api/v1/resources/
(POST view to create a resource. Requires a valid access or refresh token.)api/v1/resources/
(PATCH view to edit/update a resource. Requires a valid access or refresh token.)