-
Notifications
You must be signed in to change notification settings - Fork 25
User Authentication
Allows one-time authenticated access for initial mobile application logins. Returns the user's hashed password if authentication is successful.
user/auth
Anyone may access this API.
- (r) user = The username of the user attempting to login.
- (r) password = The password of the user attempting to login.
- (r) client = The client name of the device performing the action (e.g., ohmage-android)
POST /app/user/auth HTTP/1.1
Host: dev.ohmage.org
User-Agent: Mozilla/5.0 (Linux; U; Android 1.0; en-us; ...) ...
Content-Length: byte-length-of-content
Content-Type: application/x-www-form-urlencoded
user=user&password=password&client=ohmage-android
curl -v -d "user=josh.test&password=password&client=curl" http://localhost:8080/app/user/auth
{
"result" : "success",
"hashed_password": "42..."
}
See the error page for a description of error codes and their associated descriptions.
Generates an authentication token that can be used across multiple client requests. The duration of the authentication token is determined by server configuration. All API requests to the ohmage server must be authenticated. The authentication token serves as a stateful proxy in lieu of having to store sensitive user information in a browser cookie.
user/auth_token
Anyone may access this API.
- (r) user = The username of the user attempting to login.
- (r) password = The password of the user attempting to login.
- (r) client = The client name of the device performing the action (e.g., ohmage-android)
POST /app/user/auth_token HTTP/1.1
Host: dev.ohmage.org
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Content-Length: byte-length-of-content
Content-Type: application/x-www-form-urlencoded
user=user&password=password&client=ohmage-gwt
curl -v -d "user=temp.user&password=temp.user&client=curl" https://dev.mobilizingcs.org/app/user/auth_token
{
"result" : "success",
"token": "1234567890"
}
See the error page for a description of error codes and their associated descriptions.
Expires an authentication token.
user/logout
Anyone may access this API.
- (r) client = The client name of the device performing the action (e.g., ohmage-android)
POST /app/user/logout HTTP/1.1
Host: dev.ohmage.org
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Content-Length: byte-length-of-content
Content-Type: application/x-www-form-urlencoded
client=ohmage-gwt&auth_token=f0d68da0-8a65-11e1-93c2-c3f583aee15b
curl -v -d "client=curl&auth_token=f0d68da0-8a65-11e1-93c2-c3f583aee15b" https://dev.ohmage.org/app/user/logout
{
"result" : "success"
}
See the error page for a description of error codes and their associated descriptions.
Allows a client with an auth token to determine who the currently logged-in user is.
user/whoami
Anyone may access this API.
- (r) client = The client name of the device performing the action (e.g., ohmage-android)
POST /app/user/whoami HTTP/1.1
Host: dev.ohmage.org
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Content-Length: byte-length-of-content
Content-Type: application/x-www-form-urlencoded
Cookie:auth_token=b1e89a75-faca-485c-ac84-ecef000d653f
client=ohmage-gwt
curl -v --cookie "auth_token=b1e89a75-faca-485c-ac84-ecef000d653fd" "client=curl" https://dev.ohmage.org/app/user/whoami
{
"result" : "success",
"username" : "ohmage.dev"
}
See the error page for a description of error codes and their associated descriptions.