Skip to content
This repository was archived by the owner on Nov 7, 2019. It is now read-only.

Authentication

Jump to bottom
Nico Hauser edited this page Oct 30, 2016 · 15 revisions

Authentication is possible with

Local Authentication

Local Registration

URL: /v1/register

Method: POST

  • first_name : The users first name. This will be the display name.
  • email : The users email
  • preferredLocale (optional) : This users language. By default the requests settings will be read.

On success this returns the user object and sends an email with the verification link. On failure, an error object is returned.

Local Mail Verification

URL /v1/verify-email

Method: GET

  • email : The users email
  • mailVerificationCode : The verification code
  • password : The desired password [Min: 8, Max: 255]

Returns {success: true} on a success and an error object on failure.

Local Login

URL: /v1/auth/local/login/:app_id

Method: POST

Parameters:

  • username : The users email
  • password : The users password

The app_id is required because simply doing res.header("Access-Control-Allow-Origin", "*"); would enable hackers to perform CSRF by for example calling /v1/auth/google/login in a hidden ajax request / iframe and then simply retrieving the auth token if the user was already logged in.

Facebook, Twitter, Google

URL: /v1/auth/{facebook|twitter|google}/login/:app_id

Method: GET

Parameters: None

Retrieve AuthToken [NOT WORKING YET]

All authentication methods will do a GET-Request on the callback URL with the following parameters:

  • success (boolean) Whether the authentication succeeded.
  • authToken (String) The auth token.
  • error (Object) An error object on failure or null on success

Clone this wiki locally