Integrate user management
Daniel edited this page Mar 2, 2017 · 14 revisions
This page summarises the design of the User Management module within the Gatekeeper.
D4.2 lists the candidate API for this module, which is:
- /roles
- /users
This API still misses details, such as:
- will we be able to search by user name?
- what will be needed to incorporate micro-service registration?
The complete API (still a WiP) might be (Note: user_name is used as the identifier, not user_uuid):
- POST /users: creates a user, with the body of the request holding the needed data;
- GET /users: lists all users;
- GET /users?limit=10&offset=0: lists all users with pagination (default values for limit and offset shown);
- GET /users/:user_name: lists data on a specific user;
- PUT /users/:user_name: updates data on a specific user;
- DELETE /users/:user_name: deletes data on a specific user; it's OK if we do not delete the user record but just mark it as 'DELETED', disallowing him/her from logging in (any existing session for that user must be revoked at the same time);
- POST /users/:user_name/session: creates a session for that specific user;
- DELETE /users/:user_name/session: deletes the existing session for that specific user (Note: only one session per user is assumed).
A first mapping of these actions to endpoints:

| Action | HTTP method | Path | Response | Requires token |
|---|---|---|---|---|
| Registration | POST | /sessions/register | 200: OK / 40X: Unauthorized/Forbidden | none |
| Log-in | POST | /sessions/login | 200: OK / 40X: Unauthorized/Forbidden | none |
| Log-out | POST | /sessions/logout | 200: OK / 40X: Unauthorized/Forbidden | bearer token |
| Token Authentication | POST | /sessions/auth | 200: OK / 40X: Unauthorized/Forbidden | bearer token |
| Token Authorization | POST | /sessions/authorize | 200: OK / 40X: Unauthorized/Forbidden | bearer token |
| Userinfo (OAuth 2.0 Claims) | POST | /users//userinfo | 200: OK / 40X: Unauthorized/Forbidden | bearer token |
| User profile update | POST | /users//profile | 200: OK / 40X: Unauthorized/Forbidden | bearer token |
| User authorization management | POST | /users//authorizations | 200: OK / 40X: Unauthorized/Forbidden | none |
The revised mapping, versioned under /api/v1, with deprecated and work-in-progress (WIP) entries marked in the Notes column:

| Action | HTTP method | Path | Response | Requires token | Notes |
|---|---|---|---|---|---|
| root | POST | / | 200: OK / 40X: Unauthorized/Forbidden | none | |
| Log | POST | /log | 200: OK / 40X: Unauthorized/Forbidden | none | |
| User Registration | POST | /api/v1/register/user | 201: Created / 400: Bad request | none | |
| Service Registration | POST | /api/v1/register/service | 201: Created / 400: Bad request | none | |
| User Log-in | POST | /api/v1/login/user | 200: OK / 401: Unauthorized | none | |
| Service Log-in | POST | /api/v1/login/service | 200: OK / 401: Unauthorized | none | |
| Log-out | POST | /api/v1/logout | 204: No Content / 401: Unauthorized | bearer access_token | |
| Token Authentication | POST | /api/v1/authenticate | 200: OK / 401: Unauthorized | bearer id_token | DEPRECATED |
| Token Authorization | POST | /api/v1/authorize | 200: OK / 401: Unauthorized | bearer access_token | |
| Userinfo (OAuth 2.0 Claims) | POST | /api/v1/userinfo | 200: OK / 401: Unauthorized | bearer access_token | |
| Token Refresh | POST | /api/v1/refresh | | | DEPRECATED |
| User profile update | POST | /api/v1/users/? | | | WIP |
| User authorization management | POST | /api/v1/roles/? | | | WIP |
- POST /api/v1/authorize?path=...&method=...: the query expected from the Gatekeeper API, e.g. /api/v1/authorize?path=/services/&method=GET, names the resource path and HTTP method to be checked against the bearer's access_token.
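The following Ruby sketch is added here as an illustration of the semantics the list and tables above describe; it is not the Gatekeeper's own code. It models registration with salted PBKDF2 password hashing, log-in that issues a bearer access_token while enforcing one session per user, log-out, the soft delete that marks a user 'DELETED' (and revokes the session) so that log-in is refused, and an authorize check that resolves the path and method from the /api/v1/authorize query against a role-based policy. The role names, the policy rules, the 'ACTIVE' status value and the 403 response for a denied request are assumptions of this example, not part of the page.

```ruby
require 'openssl'
require 'securerandom'

# Added illustration (not the Gatekeeper's code) of the user/session/authorize
# semantics: soft delete to 'DELETED', one session per user, and path+method
# authorization for a bearer access_token.
class UserStore
  User = Struct.new(:user_name, :password_hash, :salt, :roles, :status, :token)
  PBKDF2_ITERATIONS = 50_000

  # Assumed role-based policy (role names and rules are hypothetical).
  # Rule paths are stored normalised, without a trailing slash.
  POLICY = [
    { roles: %w[admin developer customer], methods: %w[GET], path: '/services' },
    { roles: %w[admin developer], methods: %w[POST PUT DELETE], path: '/services' },
    { roles: %w[admin], methods: %w[GET POST PUT DELETE], path: '/users' }
  ].freeze

  def initialize
    @users = {}     # user_name => User (user_name is the identifier, not a uuid)
    @sessions = {}  # bearer access_token => user_name
  end

  # POST /api/v1/register/user -> [201, 'Created'] or [400, 'Bad request']
  def register(user_name, password, roles: [])
    return [400, 'Bad request'] if user_name.to_s.empty? || password.to_s.length < 8
    return [400, 'Bad request'] if @users.key?(user_name)
    salt = SecureRandom.hex(16)
    @users[user_name] = User.new(user_name, hash_password(password, salt), salt, roles, 'ACTIVE', nil)
    [201, 'Created']
  end

  # POST /api/v1/login/user -> [200, access_token] or [401, nil]
  def login(user_name, password)
    user = @users[user_name]
    # A user marked 'DELETED' keeps its record but can no longer log in.
    return [401, nil] unless user && user.status == 'ACTIVE'
    return [401, nil] unless secure_compare(hash_password(password, user.salt), user.password_hash)
    # Only one session per user: a new login replaces the previous token.
    @sessions.delete(user.token) if user.token
    user.token = SecureRandom.urlsafe_base64(32)
    @sessions[user.token] = user_name
    [200, user.token]
  end

  # POST /api/v1/logout (bearer access_token) -> [204, nil] or [401, nil]
  def logout(token)
    user_name = @sessions.delete(token)
    return [401, nil] unless user_name
    @users[user_name].token = nil
    [204, nil]
  end

  # DELETE /users/:user_name -> soft delete: mark 'DELETED' and revoke the session
  def delete(user_name)
    user = @users[user_name]
    return [404, nil] unless user
    user.status = 'DELETED'
    @sessions.delete(user.token) if user.token
    user.token = nil
    [204, nil]
  end

  # POST /api/v1/authorize?path=...&method=... (bearer access_token)
  # -> [200, 'OK']; [401, 'Unauthorized'] for an unknown token;
  #    [403, 'Forbidden'] when no rule permits it; [400, 'Bad request'] for a malformed path
  def authorize(token, path:, method:)
    user_name = @sessions[token]
    return [401, 'Unauthorized'] unless user_name
    norm = normalize_path(path)
    return [400, 'Bad request'] unless norm
    roles = @users[user_name].roles
    permitted = POLICY.any? do |rule|
      (rule[:roles] & roles).any? &&
        rule[:methods].include?(method.to_s.upcase) &&
        (norm == rule[:path] || norm.start_with?("#{rule[:path]}/"))
    end
    permitted ? [200, 'OK'] : [403, 'Forbidden']
  end

  private

  # Resolve '.' and '..' so that '/services/../users/x' is judged as '/users/x';
  # returns nil for anything that is not an absolute path.
  def normalize_path(path)
    return nil unless path.is_a?(String) && path.start_with?('/')
    segments = []
    path.split('/').each do |seg|
      next if seg.empty? || seg == '.'
      seg == '..' ? segments.pop : segments << seg
    end
    "/#{segments.join('/')}"
  end

  def hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32, 'sha256')
  end

  # Constant-time comparison of two equal-length byte strings.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With a developer logged in, authorize(token, path: '/services/', method: 'GET') mirrors the page's example query and returns 200, while a path such as '/services/../users/bob' is normalised before the policy is consulted, so a prefix match on '/services' cannot be used to reach '/users'. A second login for the same user invalidates the first token, and after delete the old token and any new login attempt are both refused.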