Authentication Module

Introduction

The authentication component allows applications to authenticate that a user does in fact own an email address that they claim. Once this flow is completed, an auth token is issued, which allows the application to access resources on that user’s behalf.

Figure: user authentication flow diagram (rendered from PlantUML)

Glossary

Application Token

Issued when a user registers an application. Requires verification of the application’s contact email address before the token is marked valid. Allows for accessing application-level resources. Required in order to request an auth token.

Auth Token

Issued when a client application requests one. Scoped to a single email address, which is verified before the token is marked valid. Allows for requesting resources on behalf of the provided email address.

Validation Token

Used for email validation. Sent in a link to the specified email when an auth token is requested, or to the application contact email when an application token is requested.

Endpoints

POST /auth

Given an authentication token, returns a person profile OR a message stating that the token is invalid.

Parameters:
  • token (str) – The authentication token to check.

POST /auth/token

Returns an access token against an email address which will be valid once the specified email address is verified (by clicking a link in an email sent to it)

If called multiple times, will simply return the same auth token.

Parameters:
  • email (str) – Email address to validate and return an access token for.
  • apptoken (str) – An application token verifying that the calling application has registered itself, provided a contact, agreed to the Olin API Honor code, etc.

DELETE /auth/token

Deletes an access token record, rendering the associated token invalid and allowing for re-issuing a token.

Parameters:
  • email (str) – Email for the token to delete.
  • apptoken (str) – An application token verifying that the calling application has registered itself, provided a contact, agreed to the Olin API Honor code, etc.

GET /auth/token/validate/(token)

Given a validation token (the one sent in an email to the token requester's email address), check that it is good, then mark the corresponding token as valid.
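The flow described in the Introduction, Glossary and Endpoints sections, modelled end to end as an added example. This is not the Olin API's own code: it is an in-memory model written for this page, with constructed sample data, and it assumes three things the page does not state: validation tokens are stored hashed, expire after a fixed lifetime (VALIDATION_TTL) and are single-use, while the auth token itself is kept retrievable so that repeat calls to POST /auth/token can return the same token as documented. Function names (register_application, request_auth_token, validate, auth, delete_auth_token) are illustrative.

```python
import hashlib
import hmac
import secrets
import time

# In-memory stand-ins for the module's token tables (assumption: the real
# service keeps these in a database). Validation tokens are stored only as
# hashes, so a leaked table does not yield usable email links.
APP_TOKENS = {}         # sha256(apptoken) -> {"contact": email, "valid": bool}
AUTH_TOKENS = {}        # email -> {"token": str, "valid": bool}
VALIDATION_TOKENS = {}  # sha256(vtoken) -> {"target": (kind, key), "expires": ts}
VALIDATION_TTL = 15 * 60  # assumption: emailed links stop working after 15 minutes
PROFILES = {"alice@example.edu": {"name": "Alice"}}  # constructed sample directory


def _h(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def _new_validation_token(target) -> str:
    """Validation Token: created for an emailed link, bound to one app or auth record."""
    vtoken = secrets.token_urlsafe(32)
    VALIDATION_TOKENS[_h(vtoken)] = {"target": target, "expires": time.time() + VALIDATION_TTL}
    return vtoken  # in the real service this goes into the link, not the API response


def _lookup_app(apptoken: str):
    rec = APP_TOKENS.get(_h(apptoken))
    return rec if rec is not None and rec["valid"] else None


def register_application(contact_email: str):
    """Application Token: issued at registration, valid once the contact address is verified."""
    apptoken = secrets.token_urlsafe(32)
    APP_TOKENS[_h(apptoken)] = {"contact": contact_email, "valid": False}
    return apptoken, _new_validation_token(("app", _h(apptoken)))


def request_auth_token(email: str, apptoken: str):
    """POST /auth/token: (auth token, validation token); repeat calls return the same auth token."""
    if _lookup_app(apptoken) is None:
        return None  # caller has no valid application token
    rec = AUTH_TOKENS.get(email)
    if rec is not None:
        return rec["token"], None  # same token; no new email link (use DELETE to start over)
    token = secrets.token_urlsafe(32)
    AUTH_TOKENS[email] = {"token": token, "valid": False}
    return token, _new_validation_token(("auth", email))


def validate(vtoken: str) -> bool:
    """GET /auth/token/validate/(token): a single-use, unexpired link marks its target valid."""
    rec = VALIDATION_TOKENS.pop(_h(vtoken), None)  # pop: the link cannot be replayed
    if rec is None or rec["expires"] < time.time():
        return False
    kind, key = rec["target"]
    table = APP_TOKENS if kind == "app" else AUTH_TOKENS
    if key not in table:
        return False
    table[key]["valid"] = True
    return True


def auth(token: str):
    """POST /auth: the person profile for a valid auth token, otherwise an 'invalid' message."""
    for email, rec in AUTH_TOKENS.items():
        # constant-time comparison so lookup timing does not depend on matching prefixes
        if hmac.compare_digest(rec["token"].encode(), token.encode()) and rec["valid"]:
            return {"ok": True, "profile": PROFILES.get(email, {"email": email})}
    return {"ok": False, "message": "token is invalid"}


def delete_auth_token(email: str, apptoken: str) -> bool:
    """DELETE /auth/token: drop the record so the token stops working and can be re-issued."""
    if _lookup_app(apptoken) is None:
        return False
    return AUTH_TOKENS.pop(email, None) is not None


if __name__ == "__main__":
    apptoken, app_link = register_application("dev@example.edu")
    validate(app_link)                                   # developer clicks the contact email link
    token, user_link = request_auth_token("alice@example.edu", apptoken)
    print(auth(token))                                   # invalid: email not yet verified
    validate(user_link)                                  # user clicks the link
    print(auth(token))                                   # profile for alice@example.edu
    delete_auth_token("alice@example.edu", apptoken)
    print(auth(token))                                   # invalid again
```

The model keeps the two documented properties that matter for a reviewer: a token is useless until the matching email link has been followed, and deleting the record is the only way to get a fresh token for the same address. The single-use and expiry behaviour of the validation token are this example's additions; check the real service's handling of those cases before relying on them.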