Difference between revisions of "stoney core: Authentication Resource - REST API"

Latest revision as of 12:43, 1 May 2014

Also visit stoney core: Authentication Resource Mapping (REST - LDAP).

Auth action

To let a client verify a username and password, a pseudo-resource is provided; the only method it implements is GET.

Auth retrieval (GET)

Auth retrieval (GET) example

To verify credentials, the client sends an HTTP GET request to the auth resource URI https://api.example.com/v1/auth, carrying the username and password in an HTTP Basic Authorization header. The service responds with one of the following HTTP status codes:

  • 200 (OK) when the credentials are valid
  • 401 (Unauthorized) when authentication fails
  • 429 (Too Many Requests) when the client has exceeded the rate limit

The service must answer every authentication failure with 401 and must never return 403 or any other status that distinguishes an unknown user from a wrong password; otherwise an attacker could use the endpoint to enumerate which user accounts exist. For the same reason the failure response body should be identical in both cases.

Request:

GET /v1/auth HTTP/1.1
Host: api.example.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json

Response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "id": 4000123,
  "user": "user@example.com",
  "location": "https://api.example.com/v1/people/4000123"
}
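The following is an added example and not code from the stoney core project. It implements both sides of the exchange above: basic_header() builds the Authorization header a client sends, and handle_auth() is a server-side handler that returns 200 with the documented body, 401 with one identical body for unknown users and wrong passwords (so the endpoint cannot be used for user enumeration), and 429 once a client has failed too often. The in-memory user directory, the PBKDF2 hashing, the static salt, the per-client failure counter and the MAX_FAILURES budget are all constructed assumptions standing in for the project's LDAP backend and rate limiter.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

BASE_URL = "https://api.example.com/v1"
MAX_FAILURES = 5  # assumption: failed attempts per client before 429

# Constructed sample directory standing in for the LDAP backend (assumption).
_SALT = b"constructed-static-salt-for-demo"


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


USERS = {
    "user@example.com": {"id": 4000123, "hash": _pbkdf2("correct horse", _SALT)},
}
# Dummy hash so an unknown user still costs one PBKDF2 run (timing parity).
_DUMMY_HASH = _pbkdf2("dummy", _SALT)

# One failure body for unknown user and wrong password: no enumeration signal.
FAILURE_BODY = json.dumps({"error": "authentication failed"})


def basic_header(user: str, password: str) -> str:
    """Client side: build the Authorization header for GET /v1/auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic(header: Optional[str]) -> Optional[tuple[str, str]]:
    """Decode 'Basic <base64>' into (user, password); None if malformed.

    Only the first ':' separates user from password, so passwords may contain ':'.
    """
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def handle_auth(authorization: Optional[str], client: str, failures: dict) -> tuple[int, str]:
    """Server side of GET /v1/auth. Returns (status, json_body).

    failures maps a client identifier to its count of failed attempts
    (constructed in-memory rate limiter).
    """
    if failures.get(client, 0) >= MAX_FAILURES:
        return 429, json.dumps({"error": "too many requests"})
    creds = parse_basic(authorization)
    if creds is None:
        failures[client] = failures.get(client, 0) + 1
        return 401, FAILURE_BODY
    user, password = creds
    entry = USERS.get(user)
    # Always hash and compare, even for unknown users, so the response time
    # does not reveal whether the account exists; compare_digest is constant-time.
    expected = entry["hash"] if entry else _DUMMY_HASH
    ok = hmac.compare_digest(_pbkdf2(password, _SALT), expected) and entry is not None
    if not ok:
        failures[client] = failures.get(client, 0) + 1
        return 401, FAILURE_BODY
    failures.pop(client, None)
    body = {"id": entry["id"], "user": user, "location": f"{BASE_URL}/people/{entry['id']}"}
    return 200, json.dumps(body)


if __name__ == "__main__":
    counters: dict = {}
    print(handle_auth(basic_header("user@example.com", "correct horse"), "10.0.0.1", counters))
    print(handle_auth(basic_header("nobody@example.com", "x"), "10.0.0.1", counters))
    print(handle_auth(basic_header("user@example.com", "wrong"), "10.0.0.1", counters))
```

The RFC 2617 sample header from the request above decodes to the user "Aladdin" with password "open sesame", which is not in the constructed directory, so it yields the same 401 as a wrong password for an existing user. In a real deployment a 401 should also carry a WWW-Authenticate: Basic realm="..." header, and Basic credentials must only ever travel over TLS, as the https URI of the resource already implies.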