@compassdigital/service.user v1.8.4
Digital Hospitality 2.0
Users
Requirements
- node.js 6.*
- mocha (globally)
- serverless (serverless.com)
Installation
npm install
Running locally
npm run offline
Testing
npm test
Deploying
npm run deploy
Sample Calls
- Create a user
POST https://api.compassdigital.org/v1/user
body {
"email": "SOME_EMAIL",
"name": {
"first": "test",
"last": "tester"
},
"phone": 5559991233,
"birthday": "Thu Dec 14 2017 14:14:18 GMT-0500 (EST)",
"password": "SOME_PASSWORD"
}
Using Authorization Tokens
There are two types of authorization tokens:
1) Access tokens: short-lived and passed to API endpoints via the header "Authorization: Bearer ACCESSTOKEN" to access a protected resource. You can think of access tokens like a session.
2) Refresh tokens: longer-lived and passed to POST /user/auth to generate a new access token and refresh token when needed. You can think of refresh tokens like a password; hence, they should be stored in a very secure place.
NOTE: whenever a new refresh token is generated, the old refresh token becomes invalid immediately. However, access tokens remain valid until their expiration date.
Below is the lifecycle of the authentication tokens of the User service. It assumes that a user has already been created with a username and password.
- Get tokens with the email and password the user logged in with
GET https://api.compassdigital.org/v1/user/auth/
header {
Authorization: Basic BASIC_TOKEN_ENCODED_WITH_EMAIL_PASSWORD
}
Response:
{
access:
{
token: "JKBYUIJKBHDSGKDKJLSN",
expires: "2018-01-16T20:35:30.731Z"
},
refresh:
{
token: "NJHFJDFJDHUFHDKJSFHJ",
expires: "2018-01-22T20:35:30.774Z"
}
}
- Get details of the current user (protected behind permissions)
GET https://api.compassdigital.org/v1/user/
header {
Authorization: Bearer JKBYUIJKBHDSGKDKJLSN
}
- Get an order created by the current user (protected behind permissions)
GET https://api.compassdigital.org/v1/order/12345
header {
Authorization: Bearer JKBYUIJKBHDSGKDKJLSN
}
When the access token JKBYUIJKBHDSGKDKJLSN expires, the API will return 401 errors. The access token will no longer be able to access any resources that require authentication.
However, if the refresh token NJHFJDFJDHUFHDKJSFHJ has not expired, it can be used to generate a new access token.
- Generate a new access token
POST https://api.compassdigital.org/v1/user/auth
body {
refresh_token: NJHFJDFJDHUFHDKJSFHJ
}
Response:
{
access:
{
token: "IUERIUEYREREEREEREEER",
expires: "2018-01-16T20:35:30.731Z"
},
refresh:
{
token: "ARTWREFWDGHSJADSSDDSD",
expires: "2018-01-22T20:35:30.774Z"
}
}
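Client-side handling of the lifecycle above, as an added example that is not part of the service's own code. Because a refresh invalidates the old refresh token immediately, two callers that refresh in parallel could leave one of them holding a dead token, so this sketch shares a single in-flight refresh and swaps both tokens together. TokenSession, refreshFn, skewMs and demoSession are hypothetical names, and refreshFn stands in for the POST /user/auth call.

```javascript
class TokenSession {
  // Added example (hypothetical names). tokens has the response shape shown above:
  // { access: {token, expires}, refresh: {token, expires} }.
  // refreshFn(refreshToken) returns a Promise of the same shape (wraps POST /user/auth).
  constructor(tokens, refreshFn, { now = () => Date.now(), skewMs = 30000 } = {}) {
    this.tokens = tokens;
    this.refreshFn = refreshFn;
    this.now = now;
    this.skewMs = skewMs; // treat tokens as expired slightly early
    this.inflight = null; // the single pending refresh, if any
  }
  expired(kind) {
    return Date.parse(this.tokens[kind].expires) - this.skewMs <= this.now();
  }

  // Resolves to a usable access token; at most one refresh runs at a time.
  accessToken() {
    if (!this.expired('access')) return Promise.resolve(this.tokens.access.token);
    if (this.expired('refresh')) {
      return Promise.reject(new Error('refresh token expired: log in again'));
    }
    if (!this.inflight) {
      // Refresh tokens rotate on use, so a parallel second request would send
      // a token the first request already invalidated. Share one request.
      this.inflight = this.refreshFn(this.tokens.refresh.token).then(
        (next) => { this.inflight = null; this.tokens = next; return next.access.token; },
        (err) => { this.inflight = null; throw err; }
      );
    }
    return this.inflight;
  }
}

// Constructed offline stand-in for POST /user/auth: token strings are this page's
// samples, expiry dates and the clock are made up for the demo.
function demoSession() {
  const calls = [];
  const fakeRefresh = (refreshToken) => {
    calls.push(refreshToken);
    return Promise.resolve({
      access: { token: 'IUERIUEYREREEREEREEER', expires: '2018-01-17T20:35:30.731Z' },
      refresh: { token: 'ARTWREFWDGHSJADSSDDSD', expires: '2018-01-23T20:35:30.774Z' },
    });
  };
  const initial = {
    access: { token: 'JKBYUIJKBHDSGKDKJLSN', expires: '2018-01-16T20:35:30.731Z' },
    refresh: { token: 'NJHFJDFJDHUFHDKJSFHJ', expires: '2018-01-22T20:35:30.774Z' },
  };
  const now = () => Date.parse('2018-01-17T00:00:00.000Z'); // access expired, refresh valid
  return { calls, session: new TokenSession(initial, fakeRefresh, { now }) };
}
```

In a real client, refreshFn would perform the POST and the rotated refresh token would be written back to secure storage before the new access token is used.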