Warning: This page is in development and as such, its contents may be incorrect.
Aspire can be configured to restrict its REST APIs so that they can only be accessed with Access Tokens. Any user or Aspire node must possess a valid Access Token before executing any secured REST API.
Every user or Aspire node is assigned a role definition that specifies its level of access to the different REST endpoints, since some endpoints are restricted to certain roles.
The currently existing roles are:
The roles are assigned based on the Authentication and Authorization Settings. See Security Settings for information on how to configure this.
Each REST endpoint has one of the following security roles associated with it:
The following are the possible failure statuses when calling a REST endpoint without logging in, or with insufficient permissions:

Response code | Description |
---|---|
401 | Unauthorized. Either the Access Token was not provided or it is invalid |
403 | Forbidden. A valid Access Token was provided, but the user does not have the required roles to call the given endpoint |
The Access Tokens are JWT tokens signed with the HS256 algorithm. These tokens are either auto-generated by the Aspire nodes or requested via the /login endpoint.
An example of the JWT payload generated for the jdoe user looks like this:
JWT Payload fields
Refresh Tokens
Refresh tokens are used to obtain a new valid Access Token when the one previously generated has expired. Refresh tokens also expire, but they are usually configured to live longer than their Access Token counterparts. The Aspire refresh tokens are simply other JWT tokens generated with a longer expiration time. See the /login/refresh endpoint for details on how to use them to obtain a new Access Token.
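As an added illustration (not Aspire's own code), the following Python mints HS256 access and refresh tokens that differ only in lifetime, then shows how a secured endpoint maps a missing, invalid or expired token to 401 and a valid token lacking the required role to 403. The signing key, the claim names `sub` and `roles`, and the role names are assumptions; the page does not specify them.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key: a real node uses its own configured signing secret.
SECRET = b"demo-signing-key-not-for-production"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(subject: str, roles: list, ttl_seconds: int, now: int = None) -> str:
    """Build an HS256 JWT; an access and a refresh token differ only in ttl_seconds.
    The claim names 'sub' and 'roles' are assumed; the page does not list them."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    claims = {"sub": subject, "roles": roles, "iat": now, "exp": now + ttl_seconds}
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_token(token: str, now: int = None) -> dict:
    """Return the claims of a valid, unexpired HS256 token; raise ValueError otherwise."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token header choose it (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def authorize(token, required_role: str, now: int = None) -> int:
    """Status a secured endpoint returns: 401 for a missing/invalid/expired token, 403 for a wrong role."""
    if not token:
        return 401
    try:
        claims = verify_token(token, now)
    except ValueError:  # covers malformed base64/JSON, bad alg, bad signature, expiry
        return 401
    return 200 if required_role in claims.get("roles", []) else 403
```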
Login Endpoint
Request
Request Body Parameters
Example
Response
Response Body Fields
Example:
In case no authentication is configured, the following response will be returned:
Status
A Cookie will also be returned to persist both the access and refresh tokens.
Basic Login Endpoint
Request
HTTP Header Parameters
Example
To log in with "user:pass", the Base64 value would be dXNlcjpwYXNz
Response
Response Body Fields
Example:
In case no authentication is configured, the following response will be returned:
Status
A Cookie will also be returned to persist both the access and refresh tokens.
Refresh Endpoint
Request
Request Body Parameters
Example
Response
Response Body Fields
Example:
Status
Revoke Endpoint
Request
Request Body Parameters
Example
Response
Blank response
Status