A microservice for session-based authentication using JSON Web Tokens, with a Neo4j database for session management.
This service is intended to be called by your API to authenticate RESTless API requests. It is advised that you run it inside a Docker container (or similar) to control access. Do not expose this API publicly.
To effectively use this microservice, ensure your API does the following:
- Call 'verify token' (GET /auth) before allowing privileged API functionality
- Check token expiry and 'PATCH' the token (PATCH /auth) if the expiry date is nearing
- Invalidate the token (DELETE /auth) when the user logs out
Users and sessions are stored in a Neo4j database. At present, expired sessions are not automatically deleted from the database. Sessions have been abstracted away from the API for simplicity. A token is treated as being in one of four states: valid, invalid, blacklisted or expired.
See private/config.js to configure JSON Web Token and Neo4j settings.
Create a new user for authentication purposes.

POST /auth/user

Required:
- username=[String]
- password=[String]

Responses:
- Status: 201, Message: Success
- Status: 400, Message: Username validation failed
- Status: 400, Message: Password validation failed
- Status: 409, Message: User already exists
- Status: 500, Message: Unknown server error
Change the password of an existing user.

PATCH /auth/user

Required:
- username=[String]
- password=[String]

Responses:
- Status: 201, Message: Success
- Status: 400, Message: Username validation failed
- Status: 400, Message: Password validation failed
- Status: 500, Message: Unknown server error
Validate user credentials and return a token.

POST /auth

Required:
- username=[String]
- password=[String]

Responses:
- Status: 200, Message: Success
- Status: 400, Message: User does not exist
- Status: 401, Message: Bad credentials
- Status: 500, Message: Unknown server error
Verify that a token is valid and, if so, return the username of the token owner.

GET /auth

Required:
- token=[String]

Responses:
- Status: 200, Username: [username]
- Status: 400, Message: Token must be provided
- Status: 400, Message: Token is invalid
- Status: 401, Message: Token is expired
- Status: 401, Message: Token is blacklisted
- Status: 500, Message: Unknown server error
Create a new token from an existing valid token.

PATCH /auth

Required:
- token=[String]

Responses:
- Status: 200, Token: [token string]
- Status: 400, Message: Token must be provided
- Status: 400, Message: Token is invalid
- Status: 401, Message: Token is expired
- Status: 401, Message: Token is blacklisted
- Status: 500, Message: Unknown server error
Blacklist a token.

DELETE /auth

Required:
- token=[String]

Responses:
- Status: 200, Message: Success
- Status: 400, Message: Token must be provided
- Status: 400, Message: Token is invalid
- Status: 401, Message: Token is expired
- Status: 401, Message: Token is blacklisted
- Status: 500, Message: Unknown server error
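The three rules at the top of this README (verify before privileged work, PATCH when expiry nears, invalidate on logout) and the token endpoints just listed come together in the consuming API. The following is an added example of that integration, not code from this project. It assumes the token is sent as a JSON body field named `token`, that responses are JSON with the fields listed above (`Username`, `Token`, `Message`), and that the API decides when to refresh by reading the JWT's standard `exp` claim; the transport is injected so the flow can be run against a constructed stand-in for the service.

```javascript
// Refresh when fewer than this many seconds remain (assumed policy).
const REFRESH_WINDOW_SECONDS = 300;

// Read `exp` from the JWT payload WITHOUT verifying it. It is only used to
// decide when to ask for a refresh; GET /auth stays the authority on validity.
function jwtExpiry(token) {
  try {
    const claims = JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
    return typeof claims.exp === "number" ? claims.exp : null;
  } catch {
    return null;
  }
}

// Rules 1 and 2: verify before privileged work, PATCH when expiry is near.
// `http(method, path, body)` resolves to { status, body } and is injected so
// the same flow runs against a real transport or the fake service below.
async function authorizeRequest(token, http, nowSeconds) {
  if (!token) return { ok: false, status: 400, message: "Token must be provided" };
  const verify = await http("GET", "/auth", { token });
  if (verify.status !== 200) return { ok: false, status: verify.status, message: verify.body.Message };
  let currentToken = token;
  const exp = jwtExpiry(token);
  if (exp !== null && exp - nowSeconds <= REFRESH_WINDOW_SECONDS) {
    const patched = await http("PATCH", "/auth", { token });
    if (patched.status === 200) currentToken = patched.body.Token; // hand this back to the client
  }
  return { ok: true, username: verify.body.Username, token: currentToken };
}

// Rule 3: invalidate on logout. A 401 (expired or already blacklisted) means
// the token is already unusable, so logout is still considered complete.
async function logout(token, http) {
  const res = await http("DELETE", "/auth", { token });
  return res.status === 200 || res.status === 401;
}

// Constructed in-memory stand-in for the microservice. It returns the status
// codes and messages documented above; its tokens are JWT-shaped but unsigned.
function fakeAuthService(nowSeconds) {
  const sessions = new Map(); // token -> { username, exp, blacklisted }
  const mint = (username, exp) => {
    const payload = Buffer.from(JSON.stringify({ sub: username, exp })).toString("base64url");
    const token = `eyJhbGciOiJIUzI1NiJ9.${payload}.unsigned`; // constructed, not a real signature
    sessions.set(token, { username, exp, blacklisted: false });
    return token;
  };
  const lookup = (token) => {
    if (!token) return { status: 400, body: { Message: "Token must be provided" } };
    const s = sessions.get(token);
    if (!s) return { status: 400, body: { Message: "Token is invalid" } };
    if (s.blacklisted) return { status: 401, body: { Message: "Token is blacklisted" } };
    if (s.exp <= nowSeconds) return { status: 401, body: { Message: "Token is expired" } };
    return { status: 200, body: { Username: s.username }, session: s };
  };
  // Every documented token endpoint lives at /auth, so only the method matters here.
  const http = async (method, _path, body) => {
    const r = lookup(body.token);
    if (r.status !== 200) return { status: r.status, body: r.body };
    if (method === "PATCH") return { status: 200, body: { Token: mint(r.session.username, nowSeconds + 3600) } };
    if (method === "DELETE") {
      r.session.blacklisted = true;
      return { status: 200, body: { Message: "Success" } };
    }
    return { status: 200, body: r.body };
  };
  return { http, mint };
}

// Stand-alone run against the fake service with constructed data.
(async () => {
  const now = Math.floor(Date.now() / 1000);
  const svc = fakeAuthService(now);
  const token = svc.mint("alice", now + 120); // two minutes left, so it will be refreshed
  console.log(await authorizeRequest(token, svc.http, now));
  console.log(await logout(token, svc.http));
})();
```

Against a real deployment, `http` would wrap `fetch` to the service's container address and pass the token the way your deployment expects; the decision logic above does not change. Note that `jwtExpiry` never trusts the payload for authorization: a 4xx from GET /auth short-circuits the request before `exp` is even read.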