Issue Principal Token

Motivation

Issue (create) a new principal token in exchange for valid credentials.

Functional Design

POST /api/v2/apps/{owner}/{app}/auth/login

Headers

Key
Value

Content-Type

application/json

Parameters

Parameter
Type
Description

owner

string

name of a user who owns the application

app

string

name of an application

Body

JSON object:

{
  "login": "login",
  "password": "password"
}

Result

Code
Description
Body

200

OK

Returns an access token, see below

400

Bad Request

error object

401

Unauthorized

error object

409

the profile workspace is not yet ready, repeat the request

error object

429

Too may requests, rate limiting

error object

500+

Server errors / service unavailable

error object

Example result 200:

{
  "principalToken": "abc.def.ghi",
  "expiresInSeconds": 3600, // seconds
  "profileWSID": 1234567890
}

Technical design

Components

  • pkg/router

    • URL path handler ~cmp.routerLoginPathHandler~✅:

      • reads Login and Password from the Body;

      • sends APIPath_Auth_Login request to QueryProcessor;

  • pkg/processors/query2

    • IApiPathHandler implementation for handling APIPath_Auth_Login

      • ~cmp.authLoginHandler~

        1. using login from the argument, generates pseudo-WSID

        2. makes federation post to registry to issue a token

    • newQueryProcessorPipeline: provide API handler for APIPath_Auth_Login

      • ~cmp.provideAuthLoginHandler~

    • openapi:

      • add /auth/login to the list of API paths; ~cmp.provideAuthLoginPath~

      • add PrincipalToken component schema; ~cmp.principalTokenSchema~

  • pkg/sys/it

    • integration test for /login

      • ~it.TestLogin~

PreviousAuthNZNextRefresh Principal Token

Last updated

Was this helpful?