@compassdigital/service.user NPM

Digital Hospitality 2.0

Users

Requirements

node.js 6.*
mocha (globally)
serverless (serverless.com)

Installation

npm install

Running locally

npm run offline

Testing

npm test

Deploying

npm run deploy

Sample Calls

Create a user

POST https://api.compassdigital.org/v1/user
body {
	"email": "SOME_EMAIL",
	"name": {
		"first": "test",
		"last": "tester"
	},
	"phone": 5559991233,
	"birthday": "Thu Dec 14 2017 14:14:18 GMT-0500 (EST)",
	"password": "SOME_PASSWORD"
}

Using Authorization Tokens

There are two types of authorization tokens: 1) access tokens: short lived and passed to API endpoints via a header "Authorization: Bearer ACCESSTOKEN" to access a protected resource. You can think of access tokens like a session. 2) refresh tokens: longer lived and passed to _POST /user/auth to generate a new access token and refresh token when needed. You can think of refresh tokens like a password; hence, they should be stored in a very secure place.

NOTE: whenever a new refresh token is generated, the old refresh token will no longer be valid immediately. However, access tokens will remain valid until their expiration date.

Below is the lifecycle of the authentication tokens of the User service. Assumes that a user has already been created with a username and password.

Get tokens with the email and password the user logged-in with

GET https://api.compassdigital.org/v1/user/auth/
header {
	Authorization: Basic BASIC_TOKEN_ENCODED_WITH_EMAIL_PASSWORD
}

Response:

{
	access: 
	{
		token: "JKBYUIJKBHDSGKDKJLSN",
		expires: "2018-01-16T20:35:30.731Z"
	},
	refresh: 
	{
		token: "NJHFJDFJDHUFHDKJSFHJ"
		expires: "2018-01-22T20:35:30.774Z"
	}
}

Get details of the current user (protected behind permissions)

GET https://api.compassdigital.org/v1/user/
header {
	Authorization: Bearer JKBYUIJKBHDSGKDKJLSN
}

Get an order created by the current user (protected behind permissions)

GET https://api.compassdigital.org/v1/order/12345
header {
	Authorization: Bearer JKBYUIJKBHDSGKDKJLSN
}

When the access token JKBYUIJKBHDSGKDKJLSN expires, 401 errors will be returned by the API. The access token will no longer be able to access any resources that require authenticate.

However, if the refresh token NJHFJDFJDHUFHDKJSFHJ has not expired, it can be used to generate a new access token.

Generate a new access token

POST https://api.compassdigital.org/v1/user/auth
body {
	refresh_token: NJHFJDFJDHUFHDKJSFHJ
}

Response:

{
	access: 
	{
		token: "IUERIUEYREREEREEREEER",
		expires: "2018-01-16T20:35:30.731Z"
	},
	refresh: 
	{
		token: "ARTWREFWDGHSJADSSDDSD"
		expires: "2018-01-22T20:35:30.774Z"
	}
}

@compassdigital/service

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago