routing.yml

# This file is a part of Wurrd AuthAPI Plugin.
#
# Copyright 2015 Eyong N <eyongn@scalior.com>.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# This file contains custom routes to handle authorization requests

# Notes:
#   1 - All requests return "application/json" content type. However there could be other errors that are 
#       encountered that cause the request to return a different content-type. This is true if the error
#       is encountered in the Mibew core.
#   2 - Every request contains a "message" entry that will be "Success" if the request was successful.
#       "message" will contain other error messages describing the error encountered.


## Routes

# This route provides an interface for the client app to request access to the system on behalf of a user
# The user/client app details are provided in a JSON object in the body of the POST request with the following fields:
#   - username
#   - password
#   - clientid
#   - deviceuuid
#   - type
#   - devicename
#   - platform
#   - os
#   - osversion
#
# All fields are strings. An example is:
# {"username":"admin", "password":"pass", "clientid":"aabbbcccddeee", "deviceuuid":"aaa-uuu-ii", "type":"phone", 
#   "devicename":"iPhone 5s", "platform":"iOS", "os":"iOS", "osversion":"iPhone OS 8"}
#
# Upon success, a JSON object is returned that contains the access tokens and their expiration time. An example is:
# {"accesstoken":"MQAxNDMzODk4NTY0AAqIPqKJQCfLqjQF4K5mGRzDww6hvherSlnYTtVvo9iR","accessexpire":1433898564,"accesscreated":1433894964,
#   "refreshtoken":"MQAxNDM0NDk5NzY0AA3ygVRWSLpnwnzP6oSSNLCFUw8yeFNlBquKBDvQYLyw","refreshexpire":1434499764,"refreshcreated":1433894964,
#   "message":"Success"}
#
# Upon failure the "message" entry will contain details of the failure. Possible messages are:
#   - "BadUsernameOrPassword"
#   - "UnknownError"
wurrd_client_auth_request_access:
    path: /wurrd/auth/requestaccess
    defaults:
        _controller: Wurrd\Mibew\Plugin\AuthAPI\Controller\AuthorizeController::requestAccessAction
    methods: [POST]



# This route provides an interface to check if the provided access token is valid
#
# Possible messages are:
#   - "Success"
#   - "ExpiredAccessToken"
#   - "InvalidAccessToken"
#
wurrd_client_auth_authorized:
    path: /wurrd/auth/authorized/{accesstoken}
    defaults:
        _controller: Wurrd\Mibew\Plugin\AuthAPI\Controller\AuthorizeController::authorizedAction
    methods: [GET]


# This route provides an interface to refresh an access token.
#
# Upon success, both access and refresh tokens are updated and returned to the user in the format listed
# in the request_access comments
# 
# Possible messages are:
#   - "Success"
#   - "ExpiredAccessToken"
#   - "InvalidAccessToken"
#   - "ExpiredRefreshToken"   -- When this happens a brand new request for access is required
#   - "InvalidRefreshToken"
#
wurrd_client_auth_refresh_access:
    path: /wurrd/auth/refreshaccess/{accesstoken}/{refreshtoken}
    defaults:
        _controller: Wurrd\Mibew\Plugin\AuthAPI\Controller\AuthorizeController::refreshAccessAction
    methods: [POST]

# This route provides an interface to drop access from the system.
#
# Possible messages are:
#   - "Success"
#   - "InvalidAccessToken"
#   - "InvalidDevice"  -- if the deviceuuid doesn't match what was provided at login
#
wurrd_client_auth_drop_access:
    path: /wurrd/auth/dropaccess/{accesstoken}/{deviceuuid}
    defaults:
        _controller: Wurrd\Mibew\Plugin\AuthAPI\Controller\AuthorizeController::dropAccessAction
    methods: [DELETE]