Authentication usage
This page details the Authentication-related endpoints of the SONATA Gatekeeper API. This part of the Gatekeeper API is closely related to the Gatekeeper's User Management module, which is responsible for the authentication and authorization processes. You can learn more about the Gatekeeper's User Management module in the User Management API page.
- Request:
curl -X POST <base URL>/users \
-d '{"username":"myself", "password":"1234", "user_type": "developer", "email": "myself@example.com"}'
The username must not already exist in the system. The fields shown in the request are all mandatory. Extra fields are: first_name, last_name, phone_number, certificate and public_key.
- Response:
{
"created_at": "2017-08-25T13:17:22+00:00",
"email": "myself@example.com",
"user_type": "developer",
"username": "myself",
"uuid": "cb2790f8-bdd5-4293-8a77-bc570714f535"
}
- Request:
curl -X GET <base URL>/users -H 'authorization:bearer <token>'
- Response:
When the authorization token used belongs to a user of type admin, a list of all users is presented:
[
{
"created_at": "2017-08-25T13:16:12+00:00",
"email": "demo.user@email.com",
"first_name": "Demo",
"last_name": "User",
"user_type": "developer",
"username": "mydemo",
"uuid": "c4584602-090e-4f05-9022-4ebfa88508d8"
},
{
"created_at": "2017-08-25T13:16:07+00:00",
"email": "sonata.admin@email.com",
"first_name": "Admin",
"last_name": "Default",
"user_type": "admin",
"username": "myadmin",
"uuid": "d60af432-25bd-47b9-83f2-4396e3b202f2"
},
{
"created_at": "2017-08-25T13:17:22+00:00",
"email": "sonata-1503667042@sonata-nfv.eu",
"user_type": "developer",
"username": "myself",
"uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}
]
When the authorization token used belongs to a user that has been created with type either developer or customer, only that user's data is presented:
{
"created_at": "2017-08-25T13:17:22+00:00",
"email": "sonata-1503667042@sonata-nfv.eu",
"user_type": "developer",
"username": "myself",
"uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}
- Request:
curl -X PUT <base URL>/users -H 'authorization:bearer <token>' \
-d '{"username":"myself", "password":"9876", "user_type": "customer", "email": "myself-customer@example.com"}'
The username cannot be changed.
- Response:
{
"created_at": "2017-08-25T13:17:22+00:00",
"email": "myself-customer@example.com",
"user_type": "customer",
"username": "myself",
"uuid": "cb2790f8-bdd5-4293-8a77-bc570714f535"
}
- Request:
curl -X OPTIONS <base URL>/users -H 'authorization:bearer <token>'
- Response:
<empty>
- Request:
curl -X GET <base URL>/users/<user_uuid> -H 'authorization:bearer <token>'
- Response:
When the authorization token used belongs to a user of type admin, the requested data is returned, whatever the user it belongs to. Otherwise, the user's data is returned:
{
"created_at": "2017-08-25T13:17:22+00:00",
"email": "sonata-1503667042@sonata-nfv.eu",
"user_type": "developer",
"username": "myself",
"uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}
- Request:
curl -X PATCH <base URL>/users/<user_name>/user-public-key -H 'authorization:bearer <token>' \
-d '{"public-key":"..."}'
- Response:
{
"created_at": "2017-08-25T13:17:22+00:00",
"email": "sonata-1503667042@sonata-nfv.eu",
"public-key": "...",
"user_type": "developer",
"username": "myself",
"uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}
Obtains the User Management module Public Key.
- Request:
curl -X GET <base URL>/users/public-key
- Response:
When the authorization token used belongs to a user of type admin, the requested data is returned, whatever the user it belongs to. Otherwise, the user's data is returned:
{
"created_at": "2017-08-25T13:17:22+00:00",
"email": "sonata-1503667042@sonata-nfv.eu",
"user_type": "developer",
"username": "myself",
"uuid": "771123c8-c860-4e97-8be1-0fe35e52a685"
}
A user may have several valid sessions simultaneously.
Creates a session (i.e., logs in).
- Request:
curl -X POST <base URL>/sessions -d '{"username":"myself", "password":"1234"}'
- Response:
{
"session_began_at": "2017-08-25 14:16:09 UTC",
"token": {
"access_token": "...",
"expires_in": 1200,
"not-before-policy": 0,
"refresh_expires_in": 1800,
"refresh_token": "...",
"session_state": "c8242f9c-8333-4a6c-84ff-2158bd6d2709",
"token_type": "bearer"
},
"username": "myself"
}
Destroys the session (i.e., logs out).
- Request:
curl -X DELETE <base URL>/sessions -H 'authorization:bearer <token>'
- Response:
<empty>
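The session lifecycle above (POST /sessions, an authorized GET /users, DELETE /sessions) as a small client that stops using the access token once it has expired. This is an added example, not code from the SONATA project; the class name `GatekeeperSession`, the injectable `send` and `clock` parameters, and the reading of `expires_in` as seconds are assumptions.

```python
import json
import time
import urllib.request


class GatekeeperSession:
    """Hypothetical client: keeps the token from POST /sessions and its expiry."""

    def __init__(self, base_url, send=None, clock=time.time):
        self.base_url = base_url.rstrip("/")
        self._send = send or self._http_send  # injectable so it can run offline
        self._clock = clock
        self.access_token = None
        self.expires_at = 0.0

    @staticmethod
    def _http_send(method, url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read().decode()

    def login(self, username, password):
        body = json.dumps({"username": username, "password": password}).encode()
        reply = json.loads(self._send("POST", self.base_url + "/sessions", {}, body))
        token = reply["token"]
        if token.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type in session response")
        self.access_token = token["access_token"]
        # Assumption: expires_in is a lifetime in seconds from now.
        self.expires_at = self._clock() + int(token["expires_in"])

    def auth_headers(self):
        # Fail locally instead of sending a token that is missing or expired.
        if self.access_token is None or self._clock() >= self.expires_at:
            raise PermissionError("no valid session; log in again")
        return {"authorization": "bearer " + self.access_token}

    def get_users(self):
        # A list for an admin token, a single object for developer/customer.
        return json.loads(self._send("GET", self.base_url + "/users", self.auth_headers(), None))

    def logout(self):
        try:
            self._send("DELETE", self.base_url + "/sessions", self.auth_headers(), None)
        finally:
            # Drop the token from memory even if the request fails.
            self.access_token, self.expires_at = None, 0.0
```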