Authentication Module

Introduction
The authentication component allows applications to verify that a user does in fact own the email address they claim. Once this flow is completed, an auth token is issued, which allows the application to access resources on that user’s behalf.

Glossary

Application Token
Issued when a user registers an application. Requires verification of the application’s contact email address before the token is marked valid. Allows for accessing application-level resources. Required in order to request an auth token.

Auth Token
Issued when a client application requests one. Scoped to a single email address, which is verified before the token is marked valid. Allows for requesting resources on behalf of the provided email address.

Validation Token
Used for email validation. Sent in a link to the specified email when an auth token is requested, or to the application contact email when an application token is requested.

Endpoints

POST /auth
Given an authentication token, returns a person profile OR a message stating the token is invalid.
Parameters:
- token (str) – The authentication token to check.

POST /auth/token
Returns an access token for an email address. The token becomes valid once the specified email address is verified (by clicking a link in an email sent to it).
If called multiple times, will simply return the same auth token.
Parameters:
- email (str) – Email address to validate and return an access token for.
- apptoken (str) – An application token verifying that the calling application has registered itself, provided a contact, agreed to the Olin API Honor code, etc.

DELETE /auth/token
Deletes an access token record, rendering the associated token invalid and allowing for re-issuing a token.
Parameters:
- email (str) – Email for the token to delete.
- apptoken (str) – An application token verifying that the calling application has registered itself, provided a contact, agreed to the Olin API Honor code, etc.

GET /auth/token/validate/(token)
Given a validation token (what is sent in an email to the token requester’s email address), checks that it is good, then marks the corresponding token as valid.
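
The token lifecycle these endpoints describe, as an added example that is not the project's own code: a hypothetical in-memory AuthTokenStore (class name, method names and storage layout are assumptions) showing that an auth token is handed to the application before the email is verified, so every check must reject it until validation. The returned email stands in for the person profile, and validation links are assumed to be single-use.

```python
import secrets

class AuthTokenStore:
    """Hypothetical in-memory model of the auth token lifecycle (not the project's code)."""

    def __init__(self, valid_apptokens):
        self.valid_apptokens = set(valid_apptokens)
        self.by_email = {}      # email -> {"token": str, "valid": bool}
        self.validation = {}    # validation token -> email (delivered by email only)

    def _check_app(self, apptoken):
        if apptoken not in self.valid_apptokens:
            raise PermissionError("unknown or unverified application token")

    def request_token(self, email, apptoken):
        """POST /auth/token: issue a token that stays invalid until the email is verified."""
        self._check_app(apptoken)
        record = self.by_email.get(email)
        if record is None:
            record = {"token": secrets.token_urlsafe(32), "valid": False}
            self.by_email[email] = record
            # Assumption: the validation token is a separate secret, never returned to the app.
            self.validation[secrets.token_urlsafe(32)] = email
        return record["token"]  # repeated calls return the same token

    def validate(self, validation_token):
        """GET /auth/token/validate/(token): mark the corresponding auth token valid."""
        email = self.validation.pop(validation_token, None)  # single use (assumption)
        if email is None or email not in self.by_email:
            return False
        self.by_email[email]["valid"] = True
        return True

    def delete_token(self, email, apptoken):
        """DELETE /auth/token: drop the record so a new token can be issued."""
        self._check_app(apptoken)
        self.by_email.pop(email, None)
        # Also discard any outstanding validation link for this email.
        self.validation = {v: e for v, e in self.validation.items() if e != email}

    def check(self, token):
        """POST /auth: return the owning email only for a verified token, else None."""
        for email, record in self.by_email.items():
            same = secrets.compare_digest(record["token"].encode(), token.encode())
            if same and record["valid"]:
                return email
        return None
```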