disable cookie based auth on the API - mostly (#1070)

This commit is contained in:
Devin Howard 2017-02-12 09:54:54 -08:00 committed by Connor Turland
parent 95901e17e8
commit 545706e17a
12 changed files with 27 additions and 27 deletions

View file

@ -13,7 +13,7 @@ securitySchemes:
cookie: !include securitySchemes/cookie.raml cookie: !include securitySchemes/cookie.raml
token: !include securitySchemes/token.raml token: !include securitySchemes/token.raml
oauth_2_0: !include securitySchemes/oauth_2_0.raml oauth_2_0: !include securitySchemes/oauth_2_0.raml
securedBy: [ token, oauth_2_0, cookie ] securedBy: [ token, oauth_2_0 ]
traits: traits:
pageable: !include traits/pageable.raml pageable: !include traits/pageable.raml

View file

@ -1,7 +1,7 @@
#type: collection #type: collection
get: get:
is: [ embeddable: { embedFields: "user,updated_by,map" }, orderable, pageable ] is: [ embeddable: { embedFields: "user,updated_by,map" }, orderable, pageable ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:
@ -32,7 +32,7 @@ post:
#type: item #type: item
get: get:
is: [ embeddable: { embedFields: "user,updated_by,map" } ] is: [ embeddable: { embedFields: "user,updated_by,map" } ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:

View file

@ -1,7 +1,7 @@
#type: collection #type: collection
get: get:
is: [ searchable: { searchFields: "name, desc" }, embeddable: { embedFields: "user,source,topics,synapses,mappings,contributors,collaborators" }, orderable, pageable ] is: [ searchable: { searchFields: "name, desc" }, embeddable: { embedFields: "user,source,topics,synapses,mappings,contributors,collaborators" }, orderable, pageable ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
queryParameters: queryParameters:
user_id: user_id:
description: | description: |
@ -40,7 +40,7 @@ post:
#type: item #type: item
get: get:
is: [ embeddable: { embedFields: "user,source,topics,synapses,mappings,contributors,collaborators" } ] is: [ embeddable: { embedFields: "user,source,topics,synapses,mappings,contributors,collaborators" } ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:

View file

@ -1,7 +1,7 @@
#type: collection #type: collection
get: get:
is: [ searchable: { searchFields: "name" }, orderable, pageable ] is: [ searchable: { searchFields: "name" }, orderable, pageable ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:
@ -9,7 +9,7 @@ get:
example: !include ../examples/metacodes.json example: !include ../examples/metacodes.json
/{id}: /{id}:
#type: item #type: item
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
get: get:
responses: responses:
200: 200:

View file

@ -1,7 +1,7 @@
#type: collection #type: collection
get: get:
is: [ searchable: { searchFields: "desc" }, embeddable: { embedFields: "topic1,topic2,user" }, orderable, pageable ] is: [ searchable: { searchFields: "desc" }, embeddable: { embedFields: "topic1,topic2,user" }, orderable, pageable ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:
@ -34,7 +34,7 @@ post:
#type: item #type: item
get: get:
is: [ embeddable: { embedFields: "topic1,topic2,user" } ] is: [ embeddable: { embedFields: "topic1,topic2,user" } ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:

View file

@ -3,12 +3,14 @@ get:
description: | description: |
A list of the current user's tokens. A list of the current user's tokens.
is: [ searchable: { searchFields: description }, pageable, orderable ] is: [ searchable: { searchFields: description }, pageable, orderable ]
securedBy: [ token, oauth_2_0, cookie ]
responses: responses:
200: 200:
body: body:
application/json: application/json:
example: !include ../examples/tokens.json example: !include ../examples/tokens.json
post: post:
securedBy: [ token, oauth_2_0, cookie ]
body: body:
application/json: application/json:
properties: properties:
@ -22,6 +24,7 @@ post:
example: !include ../examples/token.json example: !include ../examples/token.json
/{id}: /{id}:
#type: item #type: item
securedBy: [ token, oauth_2_0, cookie ]
delete: delete:
responses: responses:
204: 204:

View file

@ -1,7 +1,7 @@
#type: collection #type: collection
get: get:
is: [ searchable: { searchFields: "name, desc, link" }, embeddable: { embedFields: "user,metacode" }, orderable, pageable ] is: [ searchable: { searchFields: "name, desc, link" }, embeddable: { embedFields: "user,metacode" }, orderable, pageable ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:
@ -31,7 +31,7 @@ post:
#type: item #type: item
get: get:
is: [ embeddable: { embedFields: "user,metacode" } ] is: [ embeddable: { embedFields: "user,metacode" } ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:

View file

@ -1,7 +1,7 @@
#type: collection #type: collection
get: get:
is: [ searchable: { searchFields: "name" }, orderable, pageable ] is: [ searchable: { searchFields: "name" }, orderable, pageable ]
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
responses: responses:
200: 200:
body: body:
@ -9,7 +9,7 @@ get:
example: !include ../examples/users.json example: !include ../examples/users.json
/{id}: /{id}:
#type: item #type: item
securedBy: [ null, token, oauth_2_0, cookie ] securedBy: [ null, token, oauth_2_0 ]
get: get:
responses: responses:
200: 200:

View file

@ -1,3 +0,0 @@
One way to access the API is through your browser. Log into metamaps.cc normally, then browse manually to https://metamaps.cc/api/v2/users/current. You should see a JSON description of your own user object in the database. You can browse any GET endpoint by simply going to that URL and appending query parameters in the URI.
To run a POST or DELETE request, you can use the Fetch API. See the example in the next section.

View file

@ -1,2 +1,2 @@
There are three ways to log in: cookie-based authentication, token-based authentication, or OAuth 2. If you're testing the API or making simple scripts, cookie-based or token-based is the best. If you're developing an app and want users to be able to log into Metamaps inside your app, you'll be able to use the OAuth 2 mechanism. Check the security tab of any of the endpoints above for instructions on logging in. There are two ways to log in: token-based authentication, or OAuth 2. If you're testing the API or making simple scripts, token-based is the best. If you're developing an app and want users to be able to log into Metamaps inside your app, you'll be able to use the OAuth 2 mechanism. Check the security tab of any of the endpoints above for instructions on logging in.

View file

@ -1,25 +1,26 @@
If you are logged into the API via another means, you can create a token. Once you have this token, you can append it to a request. For example, opening a private window in your browser and browsing to `https://metamaps.cc/api/v2/users/current?token=...token here...` would show you your current user, even without logging in by another means. You can create a token by using the API, or you can get your first token at https://metamaps.cc/tokens/new. Once you have this token, you can append it to a request. For example, opening a private window in your browser and browsing to `https://metamaps.cc/api/v2/users/current?token=...token here...` would show you your current user, even without logging in by another means.
To get a list of your current tokens, you can log in using cookie-based authentication and run the following fetch request in your browser console (assuming the current tab is on some page within the `metamaps.cc` website. To get a list of your current tokens (while logged in to the main site), you can run the following fetch request in your browser console (assuming the current tab is on some page within the `metamaps.cc` website. The token you need to append to the url will look something like `T1ZI012rseqF1XZWFBVj4JSXR5g3OpYC`, but this example token won't work for you. You need your own.
``` ```
fetch('/api/v2/tokens', { fetch('/api/v2/tokens', {
method: 'GET', method: 'GET',
credentials: 'same-origin' // needed to use the cookie-based auth credentials: 'same-origin', // needed so the API knows which account you're logged in to
}).then(response => { }).then(response => {
return response.json() return response.json()
}).then(console.log).catch(console.error) }).then(console.log).catch(console.error)
``` ```
If this is your first time accessing the API, this list wil be empty. You can create a token using a similar method: If this is your first time accessing the API, this list wil be empty. You can create a token over the API using a similar method:
``` ```
fetch('/api/v2/tokens', { fetch('/api/v2/tokens?token=T1ZI012rseqF1XZWFBVj4JSXR5g3OpYC', {
method: 'POST', method: 'POST'
credentials: 'same-origin'
}).then(response => { }).then(response => {
return response.json() return response.json()
}).then(console.log).catch(console.error) }).then(payload => {
console.log(payload)
}).catch(console.error)
``` ```
`payload.data.token` will contain a string which you can use to append to requests to access the API from anywhere. `payload.data.token` will contain a string which you can use to append to requests to access the API from anywhere.

View file

@ -1,3 +1,2 @@
description: !include ../pages/cookie_tutorial.md
type: x-cookie type: x-cookie
displayName: Secured by cookie-based authentication displayName: Accessible using cookie-based authentication