Updated adminAuth Credential Authentication (markdown)

Nick O'Leary 2015-03-17 15:28:21 +00:00
parent d7132f02d5
commit 01c5ae9d5b
1 changed files with 10 additions and 0 deletions

@ -24,3 +24,13 @@ More concretely, with example curl invocations:
curl --data 'token=agm6RUh6jmEPApI8eO25uW1X3A7tYBJxzKe9Z0sIEYdhTTy5Rzh3uBUTCawxgAmHFaqNL0gxH9wijA12BslxOwo9eouqwOnQ1tYjpqTnH8EWRZfw7dtQDX21owA9KiPR' -H "Authorization: Bearer agm6RUh6jmEPApI8eO25uW1X3A7tYBJxzKe9Z0sIEYdhTTy5Rzh3uBUTCawxgAmHFaqNL0gxH9wijA12BslxOwo9eouqwOnQ1tYjpqTnH8EWRZfw7dtQDX21owA9KiPR" http://localhost:1880/auth/revoke
### Access the editor
When the Editor attempts to access the API, it checks for an access_token in localStorage. If one is found, it automatically provides it with any subsequent request.
In what will be released as 0.10.5 (and already in git master), it also checks the query parameters for one called `access_token` - if that is found, that is used in place of anything found in localStorage. This allows a system that has already obtained a token through some other means to direct a user to the UI without requiring them to enter their credentials again. NB: if such a query parameter is found, after storing the token in localStorage, the page is reloaded to remove the query parameters.
If no access_token is found, it attempts to access `/settings`. If that succeeds, it proceeds to provide anonymous access to the editor. Otherwise, it does a GET request to `/auth/login` to get details of the require authentication scheme. Currently, only `credentials` is supported - but may, in the future, indicate other types of authentication such as `oauth`.
It then prompts the user for their details and performs the POST to `/auth/token` to get an access_token.
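Review bot: The paragraph introducing the `access_token` query parameter documents the reload that strips it but does not say that the token has already appeared in the URL by that point, so it can be recorded in browser history and in any proxy or server access log on the path before the reload happens. Suggest adding a sentence stating this, and recommending that a system handing a user off this way issue a token for that purpose and revoke it through `/auth/revoke` when it is no longer needed. It would also help to state whether a token supplied in the query overwrites a valid token already held in localStorage, since "used in place of anything found in localStorage" followed by "after storing the token in localStorage" reads as if it does. Minor: in the next paragraph "the require authentication scheme" should be "the required authentication scheme", and "Currently, only `credentials` is supported - but may, in the future, indicate" lacks a subject for "may" (for example "but the response may, in the future, indicate").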