auth Routes - SmartBeansGoe/smartbeans-backend GitHub Wiki

/auth-Routes

POST /auth/login/lti

This route should be called by Stud.IP. It accepts the LTI data, verifies it and redirects to the URL specified in the settings file.

Input

LTI data

Output

Redirect to <URL specified in the settings file>#<session token>

Errors

  • 400: Wrong input data
  • 401: LTI validation failed
  • 403: LTI is disabled for this user

POST /auth/login/password

Password login.

Input

{
  "username": <String>,
  "password": <String>,
  "course": <String>
}

Output

{
  "token": <String>
}

Errors

  • 400: Wrong input data
  • 401: Wrong password
  • 403: No password set for this user
  • 404: Non-existing user or course

POST /auth/login/debug/<username>/<course>

Debug login. Requires header Authorization: Bearer <debug key set in Settings.toml>.

Input

-

Output

<Session token as string>

Errors

  • 400: Wrong header format
  • 401: Wrong key
  • 403: No key set in Settings.toml
  • 404: Non-existing user or course
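The debug-login error table above, written out as a decision function. This is an added sketch, not code from the smartbeans-backend project. The function name, the `known_pairs` lookup and the order in which the checks run are assumptions; the status codes and their meanings are the ones listed above.

```python
import hmac
from typing import Optional, Set, Tuple

BEARER_PREFIX = "Bearer "

def check_debug_login(auth_header: Optional[str],
                      configured_key: Optional[str],
                      known_pairs: Set[Tuple[str, str]],
                      username: str, course: str) -> int:
    """Return the HTTP status the debug-login route documents for a request.

    Hypothetical helper: configured_key stands for the key from
    Settings.toml, known_pairs for the (user, course) pairs in the database.
    """
    # 400: header missing or not of the form "Bearer <key>".
    if not auth_header or not auth_header.startswith(BEARER_PREFIX):
        return 400
    presented = auth_header[len(BEARER_PREFIX):]
    if not presented or " " in presented:
        return 400

    # 403: no key configured, so the route is disabled. Failing closed here
    # means an unset or empty key can never be matched by any request.
    if not configured_key:
        return 403

    # 401: wrong key. compare_digest runs in constant time, so response
    # timing does not reveal how many leading characters were correct.
    if not hmac.compare_digest(presented.encode(), configured_key.encode()):
        return 401

    # 404: the key is valid but the user or course does not exist.
    if (username, course) not in known_pairs:
        return 404

    # 200: a session token would be created and returned at this point.
    return 200

# Constructed sample data, not taken from any real deployment.
SAMPLE_KEY = "example-debug-key"
SAMPLE_PAIRS = {("alice", "course1")}
```

Because the 403 check runs before the comparison, a deployment that leaves the key out of Settings.toml has the route disabled rather than open.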

DELETE /auth/logout/<token>

Deletes the token from the database. Returns 200 regardless of whether the token existed.

Input/Output

-

POST /auth/apiToken/<tokenName>

Creates and returns an API token with the provided name. Requires header Authorization: Bearer <valid (session) token>.

Input

-

Output

{
  "apiToken": <String>
}

Errors

  • 400: Invalid header format
  • 401: Invalid token

GET /auth/apiToken

Returns the names of all API tokens for the user. Requires header Authorization: Bearer <valid (session) token>.

Output

[<String>, <String>, ...]

Errors

  • 400: Invalid header format
  • 401: Invalid token

DELETE /auth/apiToken/<tokenName>

Deletes the token with the given name. Requires header Authorization: Bearer <valid (session) token>. Returns 200 on success.

Input/Output

-

Errors

  • 400: Invalid header format
  • 401: Invalid token

POST /auth/register

Registers a new user. Requires header Authorization: Bearer <any auth.password.registration_keys> if auth.password.key_required = true. Returns 200 on success.

Input

{
  "username": <String>,
  "password": <String>,
  "displayName": <String>
}

Output

-

Errors

  • 400: Invalid header or body format
  • 401: Invalid key (only with auth.password.key_required = true)
  • 403: Username already exists

PUT /auth/ltiEnabled

Changes the LTI status of the user. Requires header Authorization: Bearer <valid (session) token>. Returns 200 on success.

Input

{
  "ltiEnabled": <bool>
}

Output

-

Errors

  • 400: Invalid header or body format
  • 401: Invalid token

PUT /auth/password

Changes the password of the user. Requires header Authorization: Bearer <valid (session) token>. Returns 200 on success.

Input

{
  "newPassword": <String>
}

Output

-

Errors

  • 400: Invalid header or body format
  • 401: Invalid token