Authentication API
Alfredo Sequeida edited this page Mar 1, 2023 · 14 revisions
```javascript
fetch("http://localhost:8000/api/auth/register", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    username: "username",
    email: "username@domain.com",
    password: "password",
  }),
})
  .then((res) => res.json())
  .then((json) => console.log(json))
  .catch((err) => console.error("error:" + err));
```

- Upon successful registration, a user will receive an email to verify their account.
```json
{"message": "account created"}
```

```javascript
fetch("http://localhost:8000/api/auth/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(
    {"email":"email@domain.com","password":"password"}
  ),
})
  .then((res) => res.json())
  .then((json) => console.log(json))
  .catch((err) => console.error("error:" + err));
```

```json
{
  "accessToken": "JWTaccessToken",
  "refreshToken": "JWTRefreshToken"
}
```

```javascript
fetch("http://localhost:8000/api/auth/logout", {
  method: "POST",
  headers: {
    // The access token is sent with the standard "Bearer" scheme.
    Authorization: "Bearer JWTAccessToken",
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    refreshToken: "JWTRefreshToken",
  }),
})
  .then((res) => res.json())
  .then((json) => console.log(json))
  .catch((err) => console.error("error:" + err));
```

- The `JWTAccessToken` and `JWTRefreshToken` can be obtained from the `/auth/login` API endpoint or the `/auth/refreshToken` API endpoint.
none

```javascript
fetch("http://localhost:8000/api/auth/refreshToken", {
  method: "POST",
  headers: {'Content-Type': 'application/json'},
  body: JSON.stringify(
    {"refreshToken":"JWTRefreshToken"}
  ),
})
  .then((res) => res.json())
  .then((json) => console.log(json))
  .catch((err) => console.error("error:" + err));
```

- The `JWTRefreshToken` can be obtained from the `/auth/login` API endpoint.
- A `JWTRefreshToken` can only be used once. For security purposes, if a `JWTRefreshToken` is used more than once, all tokens for the account belonging to that `JWTRefreshToken` will be revoked. As such, a user will be forced to log back in to regain access.
```json
{
  "accessToken": "JWTaccessToken",
  "refreshToken": "JWTRefreshToken"
}
```

```javascript
fetch("http://localhost:8000/api/auth/requestPasswordReset", {
  method: "POST",
  headers: {'Content-Type': 'application/json'},
  body: JSON.stringify(
    {"email":"email@domain.com"}
  ),
})
  .then((res) => res.json())
  .then((json) => console.log(json))
  .catch((err) => console.error("error:" + err));
```

none

- This endpoint sends the account owner an email with a link to reset their password. The link includes a password reset token called `token` and a user id belonging to the account owner's account. This information can be used to reset the account's password using the `/auth/resetAccountPassword` endpoint.
- Password reset tokens expire after 1 hour, or when the password is reset, whichever happens first.
```javascript
fetch("http://localhost:8000/api/auth/resetAccountPassword", {
  method: "POST",
  headers: {'Content-Type': 'application/json'},
  body: JSON.stringify(
    {
      "passwordResetToken": "passwordResetToken",
      "newPassword": "newPassword",
      "userId": "userId"
    }
  ),
})
  .then((res) => res.json())
  .then((json) => console.log(json))
  .catch((err) => console.error("error:" + err));
```

- `passwordResetToken` and `userId` can be obtained using the `/auth/requestPasswordReset` endpoint.
none

```javascript
fetch("http://localhost:8000/api/auth/verifyAccountEmail", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    "verifyAccountEmailToken": "token",
    "userId": "id"
  }),
})
  .then((res) => res.json())
  .then((json) => console.log(json))
  .catch((err) => console.error("error:" + err));
```

- `verifyAccountEmailToken` and `userId` can be acquired from the email sent to the user upon registration.
- Note: a `verifyAccountEmailToken` is only valid for 1 hour or until the user verifies their account, whichever happens first.
none
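
The single-use rule described for the `/auth/refreshToken` endpoint, as an added example that is not this project's server code: an in-memory model of refresh token rotation with reuse detection. The class name `RefreshTokenStore`, its methods, and the sequential token ids are assumptions made for illustration; the model tracks refresh tokens only.

```javascript
// Added example: single-use refresh tokens with reuse detection.
// Sequential ids stand in for signed JWTs; the Map stands in for a database table.
class RefreshTokenStore {
  constructor() {
    this.tokens = new Map(); // refreshToken -> { userId, used, revoked }
    this.seq = 0;
  }

  // Called at login: start a new session for the account.
  issue(userId) {
    const refreshToken = `refresh-${++this.seq}`;
    this.tokens.set(refreshToken, { userId, used: false, revoked: false });
    return { accessToken: `access-${this.seq}`, refreshToken };
  }

  // Revoke every refresh token that belongs to the account.
  revokeAll(userId) {
    for (const record of this.tokens.values()) {
      if (record.userId === userId) record.revoked = true;
    }
  }

  // Called by the refresh endpoint: rotate the token or detect reuse.
  refresh(refreshToken) {
    const record = this.tokens.get(refreshToken);
    if (!record) return { ok: false, reason: "unknown token" };
    if (record.revoked) return { ok: false, reason: "revoked" };
    if (record.used) {
      // Second presentation of a single-use token: two parties hold a copy,
      // so every session for the account is ended and the user must log in.
      this.revokeAll(record.userId);
      return { ok: false, reason: "reuse detected" };
    }
    record.used = true;
    return { ok: true, ...this.issue(record.userId) };
  }
}

// Constructed walk-through: login, one legitimate refresh, then a replay.
function demo() {
  const store = new RefreshTokenStore();
  const login = store.issue("user-1");
  const rotated = store.refresh(login.refreshToken);       // new token pair
  const replay = store.refresh(login.refreshToken);        // reuse, revoke all
  const afterReplay = store.refresh(rotated.refreshToken); // revoked as well
  return { rotated, replay, afterReplay };
}

console.log(demo());
```

A client that fires two refresh requests in parallel with the same token triggers the same revocation, so refresh calls should be serialized on the client side.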