Issue Principal Token (Login)
Motivation
Issue (create) a new principal token in exchange for valid credentials.
Functional Design
POST /api/v2/apps/{owner}/{app}/auth/login
Headers
| Key | Value |
|---|---|
| Content-Type | application/json |
Parameters
| Parameter | Type | Description |
|---|---|---|
| owner | string | name of a user who owns the application |
| app | string | name of an application |
Body
JSON object:
```json
{
  "login": "login",
  "password": "password"
}
```
Result
| Code | Description | Body |
|---|---|---|
| 200 | OK | Returns an access token, see below |
| 400 | Bad Request | error object |
| 401 | Unauthorized | error object |
| 409 | The profile workspace is not yet ready, repeat the request | error object |
| 429 | Too many requests, rate limiting | error object |
| 500+ | Server errors / service unavailable | error object |
Example result 200:
```json
{
  "principalToken": "abc.def.ghi",
  "expiresInSeconds": 3600,
  "profileWSID": 1234567890
}
```
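A client for the endpoint above that acts on the result codes, written as an added example and not taken from the project's own code. The `Login` function, its `attempts` and `wait` parameters and the exponential backoff are assumptions of this example; the page itself only says to repeat the request on 409, and retrying on 429 is a choice made here.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

type LoginResult struct { // mirrors the 200 body documented above
	PrincipalToken   string `json:"principalToken"`
	ExpiresInSeconds int64  `json:"expiresInSeconds"`
	ProfileWSID      int64  `json:"profileWSID"`
}

// Login retries only on 409 (profile workspace not ready) and 429 (rate limit);
// 400, 401 and 5xx return at once, so rejected credentials are never replayed.
func Login(c *http.Client, base, owner, app, login, password string, attempts int, wait time.Duration) (*LoginResult, error) {
	body, _ := json.Marshal(map[string]string{"login": login, "password": password})
	u := fmt.Sprintf("%s/api/v2/apps/%s/%s/auth/login", base, url.PathEscape(owner), url.PathEscape(app))
	for i := 0; i < attempts; i++ {
		resp, err := c.Post(u, "application/json", bytes.NewReader(body))
		if err != nil {
			return nil, err
		}
		var r LoginResult
		derr := json.NewDecoder(resp.Body).Decode(&r) // only trusted when the status is 200
		resp.Body.Close()
		if resp.StatusCode == http.StatusOK && derr == nil && r.PrincipalToken != "" {
			return &r, nil
		}
		if resp.StatusCode != http.StatusConflict && resp.StatusCode != http.StatusTooManyRequests {
			return nil, fmt.Errorf("login failed: HTTP %d", resp.StatusCode) // status only, no credentials
		}
		time.Sleep(wait << i) // exponential backoff before the next attempt
	}
	return nil, fmt.Errorf("login not accepted after %d attempts", attempts)
}

func main() { // constructed stand-in server returning the documented 200 body
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"principalToken":"abc.def.ghi","expiresInSeconds":3600,"profileWSID":1234567890}`)
	}))
	defer srv.Close()
	fmt.Println(Login(srv.Client(), srv.URL, "owner", "app", "login", "password", 3, time.Millisecond))
}
```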
Technical design
Components
- pkg/router
  - URL path handler ~cmp.routerLoginPathHandler~covrd1✅:
    - reads Login and Password from the Body;
    - sends APIPath_Auth_Login request to QueryProcessor;
- pkg/processors/query2
  - IApiPathHandler implementation for handling APIPath_Auth_Login ~cmp.authLoginHandler~covrd2✅
    - using login from the argument, generates pseudo-WSID
    - makes federation post to registry to issue a token
  - newQueryProcessorPipeline: provide API handler for APIPath_Auth_Login ~cmp.provideAuthLoginHandler~covrd3✅
- openapi:
- pkg/sys/it
  - integration test for /login ~it.TestLogin~covrd6✅