From 905029f8095b526ac1619191095a0138fb443678 Mon Sep 17 00:00:00 2001 From: Sergey Andrievskiy Date: Thu, 29 Aug 2019 15:10:37 +0300 Subject: [PATCH] docs(auth): add backend api endpoints article (#1931) --- docs/articles/auth/backend-api.md | 100 ++++++++++++++++++++++++++++++ docs/structure.ts | 11 ++++ 2 files changed, 111 insertions(+) create mode 100644 docs/articles/auth/backend-api.md diff --git a/docs/articles/auth/backend-api.md b/docs/articles/auth/backend-api.md new file mode 100644 index 0000000000..f4bb3aced6 --- /dev/null +++ b/docs/articles/auth/backend-api.md @@ -0,0 +1,100 @@ +# Backend Auth Endpoints + +
+
Note
+
+ While this page provides description about the API endpoints required to integrate Nebular Auth module with your backend, you can also save time by purchasing a + + backend bundle from Akveo Store + + for your technology. +
+
+ +Your backend API should support the following endpoint to be compatible with out of the box nebular Authentication Strategies: + +- POST method `/auth/login` + + This is the regular login method, used for the first time call with email and password. The received token will be passed as a header on all further API requests. + Input: + ```json + { + "email": "string", + "password": "string" + } + ``` + Output: + ```json + { + "token": "string" + } + ``` + +- POST method `/auth/sign-up` + + This call is to create a new user. Its called after clicking on ‘Register’ button on a Login form. + + Input: + ```json + { + "email": "string", + "password": "string", + "fullName": "string", + "confirmPassword": "string" + } + ``` + Output: + ```json + { + "token": "string" + } + ``` +- POST method `/auth/request-pass` + + This call is used to request a password reset token. The token is not returned as endpoint output. Instead, it’s expected that the user will receive token to reset password in email and use it for the next call. + + Input: + ```json + { + "email": "string" + } + ``` + Output: `Status 200` + +- POST method `/auth/reset-pass` + This call is used to clear sign in information if it exists. In case of fully REST service which doesn’t keep such information at the backend - just return status 200. + + Input: + ```json + { + "email": "string" + } + ``` + Output: `Status 200` + +# Token Validation + +All other endpoints of your API, which are not public, should be protected by token validation. Nebular Auth Module puts JWT token as a header to each request. + +# Sample for pure Node.JS + +This sample shows part of app.js file how to setup the controller to get users data and validate each controller endpoint using [Passport](https://github.com/jaredhanson/passport) module. + +```ts +app.use(`${root}/users`, passport.authenticate('jwt', { session: false }), userController); +``` + +# Sample for Nest.JS framework for Node.JS + +This sample shows how to use [Passport](https://github.com/nestjs/passport/) module for controller calls validation + +```ts +@UseGuards(AuthGuard('jwt')) +export class UserController { } +``` + +Additional information for backend implementation on the subject can be found: +- https://github.com/nestjs/passport/ +- https://github.com/jaredhanson/passport +- https://docs.nestjs.com/techniques/authentication + diff --git a/docs/structure.ts b/docs/structure.ts index 71961243a8..32cfe1a371 100644 --- a/docs/structure.ts +++ b/docs/structure.ts @@ -891,6 +891,17 @@ export const structure = [ }, ], }, + { + type: 'page', + name: 'Backend API endpoints', + children: [ + { + type: 'block', + block: 'markdown', + source: 'auth/backend-api.md', + }, + ], + }, { type: 'page', name: 'NbAuthService',