Navak/navak-docs
5
0
Code Issues Projects Packages Wiki Activity Actions
Page: How to use authentication
Pages
Diagrams How to use authentication Notes
3 How to use authentication
yun edited this page 2026-03-08 23:56:30 +01:00
Table of Contents

Creating an account

As simple as calling the route

curl -H 'Content-Type: application/json' -X POST 'http://127.0.0.1:3000/auth/registration' -d '{"username": "<USERNAME>", "session_platform": "cURL"}'

You may specify an email address too (can be added or edited later too; needed to login on other devices)

curl -H 'Content-Type: application/json' -X POST 'http://127.0.0.1:3000/auth/registration' -d '{"username": "<USERNAME>", "email": "<EMAIL>", "session_platform": "cURL"}'
  • session_platform is a field to indentify the client to the server (to help the user recognise different sessions of differents clients).

The route returns a session token

{
    "session_token": "nUrFGl-tfQ_tCBupuhUPAkcgjA3-qnYZevJrQ-rrWLqDi3vN44rJxULHeLN2VADq2_D5vZYDgyMIVnSJt9BwlmmKjLRNP2qOaQTz1HJ7U0Heh34kx3_rqPAqls1x4qwZFwS0qAexqkF-nU8l_koR41H4OSrK3Ef_6ZYDPxBBfXdEZtDAuvHtHzgv3_382wFvY7ospg1C53XERuojDCUEPCjytwOStmhjGm1NCMrOftpB4Fpp5THL_0qj6xk-VuE4kfxISpzeG86COYq8ThO7ldmx1OIS056XJAsukzNixRnuopqfT7Waw4CpXTQh5ike6dMAkCZd63QGyg5_mGSqOw=="
}

Opening a new session (login on another device)

Warning: only possible on accounts with a registered email address

First, the client starts a login procedure

curl "<API_BASE_URL>/auth/login" -H 'Content-Type: application/json' -d '{"username": "<USERNAME>", "email": "<EMAIL>", "session_platform": "cURL"}'

The server returns this

{
 "expiration_date": 1771877304,
 "auth_id": "45314ce9-74c8-48dd-9094-0bcf980f335b"
}

The user will receive a confirmation email with a link.

Meanwhile the client should poll the session route to wait for the session token

curl "http://127.0.0.1:3000/auth/session/45314ce9-74c8-48dd-9094-0bcf980f335b"

The route will first fail with a 400 Bad Request and an error message :

{
    "error": "The auth id is invalid, expired, or not yet authorized"
}

After the user confirmed the login, the route will instead return the session token

{
    "session_token": "nUrFGl-tfQ_tCBupuhUPAkcgjA3-qnYZevJrQ-rrWLqDi3vN44rJxULHeLN2VADq2_D5vZYDgyMIVnSJt9BwlmmKjLRNP2qOaQTz1HJ7U0Heh34kx3_rqPAqls1x4qwZFwS0qAexqkF-nU8l_koR41H4OSrK3Ef_6ZYDPxBBfXdEZtDAuvHtHzgv3_382wFvY7ospg1C53XERuojDCUEPCjytwOStmhjGm1NCMrOftpB4Fpp5THL_0qj6xk-VuE4kfxISpzeG86COYq8ThO7ldmx1OIS056XJAsukzNixRnuopqfT7Waw4CpXTQh5ike6dMAkCZd63QGyg5_mGSqOw=="
}