reym
Auth

Token Generation

Learn how to use the Auth service to authenticate and generate a JWT

Obtaining a token involves two steps:

  1. Authentication
  2. Authorization

1. Authentication

The following sequence diagram illustrates the authentication process:

Create a frontend form to POST /login with the following form parameters:

  • Form Param tenant_id=<tenant-id>
  • Form Param redirect_uri=<redirect-uri>
  • Form Param identifier=<id|username|email>
  • Form Param password=<password>

The response will redirect to the redirect_uri with the following query parameters:

Parameter   Description
error       String value that describes a potential error. This parameter is only present if an error occurred.

2. Authorization

The following sequence diagram illustrates the authorization process:

Generate the authorization code

Steps 1, 2 and 4 from the diagram are combined in the following process.

As Step 1, issue a GET request to /authorize with the following query parameters:

  • Query tenant_id=<tenant-id>
  • Query response_type=code
  • Query state=<random-state>
  • Query redirect_uri=<redirect-uri>

The response is delivered in Step 2 and redirects (Step 4) to the redirect_uri with the following query parameters:

Parameter   Description
error       String value that describes a potential error. This parameter is only present if an error occurred.
code        String value that represents the authorization code. This parameter is only present if no error occurred.
state       String value that represents the state. This parameter is only present if no error occurred.

Check the state

Step 3 from the diagram is crucial for security reasons.

The returned state must match the one sent in the request. If it does not match, the request must be aborted.

Exchange the authorization code for a token

Steps 5, 6 and 7 from the diagram are combined in the following process.

Send a backend request to POST /token with the following header and form parameters:

  • Header Content-Type: application/x-www-form-urlencoded
  • Form Param grant_type=authorization_code
  • Form Param tenant_id=<tenant-id>
  • Form Param client_secret=<jwt-secret>
  • Form Param code=<value-from-redirect-query-param-code>

The response will contain the following query parameter:

Parameter      Description
access_token   A string that represents the access token (JWT).
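The whole flow above, carried through in one place as an added example (this is not the Auth service's own client code): building the /login form, generating a random state and the /authorize URL, validating the redirect (the Step 3 state check, done in constant time and before the code is used), and assembling the backend POST /token request. The endpoint paths, parameter names and redirect query parameters are the ones documented on this page; the base URL, tenant id, secret, and the `send` transport callable are assumptions so the module runs offline.

```python
"""Client helpers for the login -> authorize -> token flow described above.

Added example, not the Auth service's own code. Paths and parameter names are
from the documentation; base_url, tenant id, client_secret and the `send`
transport are assumptions / placeholders.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


class StateMismatch(Exception):
    """Raised when the state returned by /authorize differs from the one sent."""


class AuthError(Exception):
    """Raised when a redirect or token response signals an error."""


def new_state() -> str:
    # 32 bytes from the OS CSPRNG: the state must be unguessable so that a
    # forged redirect cannot pass the Step 3 check.
    return secrets.token_urlsafe(32)


def login_form(tenant_id: str, redirect_uri: str, identifier: str, password: str) -> dict:
    """Form parameters for the frontend POST /login (Authentication)."""
    return {
        "tenant_id": tenant_id,
        "redirect_uri": redirect_uri,
        "identifier": identifier,   # id, username or email
        "password": password,
    }


def authorize_url(base_url: str, tenant_id: str, redirect_uri: str, state: str) -> str:
    """URL for the GET /authorize request (Authorization, Step 1)."""
    params = {
        "tenant_id": tenant_id,
        "response_type": "code",
        "state": state,
        "redirect_uri": redirect_uri,
    }
    return f"{base_url.rstrip('/')}/authorize?{urlencode(params)}"


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Validate the redirect to redirect_uri (Steps 2-4) and return the code.

    Aborts on an `error` parameter, on a state mismatch (Step 3), and on a
    redirect that carries no code at all.
    """
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:
        raise AuthError(query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time comparison on bytes; any mismatch aborts before the code is used.
    if not hmac.compare_digest(state.encode("utf-8"), expected_state.encode("utf-8")):
        raise StateMismatch("returned state does not match the one sent; aborting")
    code = query.get("code", [""])[0]
    if not code:
        raise AuthError("redirect carried neither error nor code")
    return code


def token_request(tenant_id: str, client_secret: str, code: str) -> tuple[dict, str]:
    """Header and url-encoded body for the backend POST /token (Steps 5-7)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {
        "grant_type": "authorization_code",
        "tenant_id": tenant_id,
        "client_secret": client_secret,   # stays on the backend, never in the browser
        "code": code,
    }
    return headers, urlencode(form)


def exchange_code(send, base_url: str, tenant_id: str, client_secret: str, code: str) -> str:
    """POST /token through `send(url, headers, body) -> dict` (assumed transport)
    and return the access_token (JWT) from the response."""
    headers, body = token_request(tenant_id, client_secret, code)
    response = send(f"{base_url.rstrip('/')}/token", headers, body)
    if "access_token" not in response:
        raise AuthError("token response does not contain access_token")
    return response["access_token"]


if __name__ == "__main__":
    # Constructed walk-through with a fake transport; no network access.
    base = "https://auth.example"            # placeholder base URL
    state = new_state()
    print(authorize_url(base, "tenant-1", "https://app.example/cb", state))
    redirect = f"https://app.example/cb?code=CODE123&state={state}"   # constructed redirect
    code = parse_redirect(redirect, state)
    fake_send = lambda url, headers, body: {"access_token": "<jwt-placeholder>"}
    print(exchange_code(fake_send, base, "tenant-1", "<jwt-secret>", code))
```

The state is generated and stored server-side per login attempt and compared with `hmac.compare_digest`; `parse_redirect` refuses to return a code unless the state matches, which is the Step 3 check the page calls crucial. The `client_secret` only appears in `token_request`, which is meant to run on the backend, matching the page's instruction that the /token call is a backend request.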