[83] Create refresh token endpoint #173
Merged
The user login (auth/login/) endpoint now returns both an access and a refresh token. The refresh token can be used to obtain a new access token (via the /auth/refresh/ route). There is a new endpoint (/auth/revoke-refresh-token/) to revoke refresh tokens (it should occur during logging out). I also added the missing ending slashes to existing routes.
Use Postman app for tests.
Endpoints:
Login
(method: POST) /auth/login/
takes raw JSON as a parameter:
{
    "username": username,
    "password": password
}
If successful, returns access token, refresh token, HTTP status CREATED (201),
otherwise returns message "Not authorized", HTTP status UNAUTHORIZED (401).
Refreshing access token
(method: POST) /auth/refresh/
takes refresh token via Authorization header (Bearer token) as a parameter.
If successful, returns new access token, HTTP status CREATED (201).
If refresh token was revoked, returns message "token has been revoked", HTTP status UNAUTHORIZED (401).
Revoking refresh token
(method: DELETE) /auth/revoke-refresh-token/
takes refresh token via Authorization header (Bearer token) as a parameter.
If successful, returns message "Refresh token successfully revoked", HTTP status OK (200).
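The login, refresh and revoke behaviour described above, modelled in memory as an added example (not code from this pull request). The HMAC-signed token format, the `jti` denylist, the token lifetimes, the `access_token`/`refresh_token` key names and the 401 message for an invalid token are assumptions; the other status codes and messages are the ones listed in the description.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)     # constructed signing key
USERS = {"alice": "correct horse"}   # constructed stand-in for the real credential check
REVOKED = set()                      # jti of every revoked refresh token (denylist)

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def _issue(user, token_type, ttl):
    claims = {"sub": user, "type": token_type,
              "jti": secrets.token_hex(8), "exp": time.time() + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_mac(body)}"

def _verify(token, expected_type):
    body, _, mac = token.rpartition(".")
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None                  # forged or malformed token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["type"] != expected_type or claims["exp"] < time.time():
        return None                  # wrong token type or expired
    return claims

def login(username, password):
    stored = USERS.get(username, "")
    if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
        return 401, {"message": "Not authorized"}
    return 201, {"access_token": _issue(username, "access", 900),
                 "refresh_token": _issue(username, "refresh", 86400)}

def refresh(bearer):
    claims = _verify(bearer, "refresh")   # an access token is rejected here
    if claims is None:
        return 401, {"message": "Not authorized"}   # assumed message
    if claims["jti"] in REVOKED:
        return 401, {"message": "token has been revoked"}
    return 201, {"access_token": _issue(claims["sub"], "access", 900)}

def revoke_refresh_token(bearer):
    claims = _verify(bearer, "refresh")
    if claims is None:
        return 401, {"message": "Not authorized"}   # assumed message
    REVOKED.add(claims["jti"])
    return 200, {"message": "Refresh token successfully revoked"}
```

A persistent denylist only needs to keep each `jti` until that token's `exp` has passed, since expired tokens are rejected anyway.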