Skip to content

POST auth

Jump to bottom
JeffMedeiros edited this page Dec 2, 2019 · 4 revisions

Description

Retrieve a valid token to be used in requests. The authentication approach is following the specifications of JWT, which is a standard (RFC-7519) that defines how to transmit and store JSON objects in a compact and secure way between different applications.

The token payload will include the following information (RFC-7519):

Claim Description
sub Subject, entity to which the token belongs, usually the user ID.
iss Issuer, defines the issuer of the token.
exp Expiration, timestamp in seconds of when the token will expire.
iat Issued at, timestamp in seconds from when the token was created.
scope Specifies the access scopes that the generated token has.

Example of values that can make up the payload:

{
  "sub": "5daf47f1d3cb260019b5edb9",
  "sub_type": "admin",
  "iss": "ocariot",
  "iat": 1571849771,
  "scope": "physicalactivities:read sleep:read measurements:read",
  "exp": 1571936171
}

URL

POST https://localhost:3001/v1/auth

Curl example

curl -X POST "https://localhost:3001/v1/auth" -H "accept: application/json" -H "Content-Type: application/json" -d "{"username":"your_username","password":"your_password"}"

Request body

{
  "username": "BR0001",
  "password": "br123"
}

Response body

  • 200 Successful Authentication

      {
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZGFmNDdmMWQzY2IyNjAwMTliNWVkYjkiLCJzdWJfdHlwZSI6ImFkbWluIiwiaXNzIjoib2NhcmlvdCIsImlhdCI6MTU3MTg0OTc3MSwic2NvcGUiOiJwaHlzaWNhbGFjdGl2aXRpZXM6cmVhZCBzbGVlcDpyZWFkIG1lYXN1cmVtZW50czpyZWFkIiwiZXhwIjoxNTcxOTM2MTcxfQ.WduK8favKAufML3tg93Wfd-Dg7gUPES31AHnZlzzKtZI1ZX3TVBPm_QCBvLizmthtBs8IVKrYeK4MDGyvoDKrz2-FG3lnbbNeUnZ90SLHDBH9raFrDt8tA4je7nlBiONtOIkzYH0yjhIHf-FuYade64k6OUwGpV3cDLnq2CD2CsmnHDzlAwXnfH2kLB_SHCgXyTCeNJKOb9W3rQ2sc88KHaJIE6CRBQIdi7te-N647vkMuBjon8EgCz4VjX4n6yEXfMFPof905Xt6hD5q7EC9o9QF04x2ElxtjWl5aSvsDEoAeFjAhH7m3_YMgg99md4Rb3jUoFNVd561JvxQDL2PItRagHwRCevh6NdOsypepJSKEj4Vmj3xtm_F3W7fyVP8Z3YCwy5dhzTmpvyELhcgsh2bNx92iDbyl5LQ7Xem9BNgM0yXKDCxAA_nXsKEeYYp3rdCePxBtjhd3Z7zhC1XA9qvbvNOOk8A0561GKr0YP96K4rtMfA3_dfZ1JPa82YP-iLlUCBVMiVAVP7a-3cmNToo29lYILeM2LRdnEANGf_inouCkpXSY_qAQgxip8r-AzjqVl9M8_eIMaDn2IxWeOnVOyfmY1eThJecG7V2iqGKpY61HIHWt0sbdYfuY7fpJNtP9IUSST3UMMb_P3KcLv5CCLuT6XewEWn4nRSFd8"
  }

  • 400 Validation errors

    • Invalid JSON format

    • Missing fields

      • Example 
        {
  "code": 400,
  "message": "Required fields were not provided...",
  "description": "username, password are required!"
}

    • Empty string

      • Example 
        {
  "code": 400,
  "message": "One or more request fields are invalid...",
  "description": "username must have at least one character!"
}

    • Invalid string

      • Example 
        {
  "code": 400,
  "message": "One or more request fields are invalid...",
  "description": "username must be a string!"
}

  • 500 Internal Server Error

OCARIoT Account Microservice API (Full documentation)

Home

Account users

Integration endpoints

auth

users

institutions

children

families

families.children

educators

educators.children.groups

healthprofessionals

healthprofessionals.children.groups

applications

Error patterns

400 Validation Errors

404 Not Found Error

409 Conflict Error

500 Internal Server Error

Clone this wiki locally