SnapX OAuth API Reference

SnapX OAuth is a single sign-on application for the SnapX platform. Single sign-on means that a user with a single username and password can request and gain access to all of the platform's related systems. SnapX OAuth provides this by letting a user sign up at a single app (https://auth.snapxplatform.com) and sign in to other related apps (https://dapp.snapxplatform.com). The user must provide first name, last name, username, email and password to sign up, and can then use the username and password to sign in to any related system. Single sign-on (SSO) is an identification system that allows websites to use other, trusted sites to verify users. This frees businesses from the need to hold passwords in their databases, cuts down on login troubleshooting, and decreases the damage a hack can cause.

API Endpoint
https://auth.snapxplatform.com/api
Schemes: http, https
Version: 0.1.0

Views

Welcome view

GET /

The API renders the welcome view. If the user is already logged in, user information such as the username is also rendered. If not, a Login button is rendered on the page.

200 OK

Renders welcome view with some user information.

type
object
Response Content-Types: text/html
Response Example (200 OK)
{
  "username": "dTrum"
}

Login view

GET /login

The API renders the login view, which consists of a form where the user enters a username and password to log in.

200 OK

Login view is rendered.

Response Content-Types: text/html

User

Logout

GET /logout

The API logs the user out of the system and redirects them to the login page.

302 Found

Redirects to login page.

Response Content-Types: text/html

User Info

GET /api/userinfo

The API authenticates the user with passport's bearer strategy, which reads the bearer token and returns the user_id, name and scope of the user.

200 OK

User information

type
object
Response Content-Types: application/json
Response Example (200 OK)
{
  "user_id": 239,
  "name": "Donald",
  "scope": "*"
}

Login

POST /login

The API implements passport's local strategy and accepts a username or email plus a password from the user. On successful login the user is redirected to the welcome page; on unsuccessful login the user is redirected back to the login view.

Credentials used to log in

username/email: string
password: string
Request Content-Types: application/json
Request Example
{
  "username/email": "dTrum/dTrum@gmail.com",
  "password": "987654"
}
302 Found

If credentials are valid, the user is redirected to welcome page. If not, the user is redirected to the login page.

Response Content-Types: text/html

User (Token-based APIs)

User Login

POST /user/login

The API accepts a username and password from the user, checks whether the entered values are valid and issues a JSON Web Token.

Credentials used to log in

username: string
password: string
Request Content-Types: application/json
Request Example
{
  "username": "dTrum",
  "password": "987654"
}
200 OK

Successful login

type
object
400 Bad Request

Username or password is missing

401 Unauthorized

Invalid credentials

404 Not Found

User not found

Response Content-Types: application/json
Response Example (200 OK)
{
  "token": "uHGdoxhO8JyeOdlniZPg64Rg5oLvRcxL1mib7tH8dyNxZ1FAIB0U4mlq1loFbwZndto0z0TEfoh7D2sQMS3n8OD1efLVbHKBd70Teub6CXZ2V22XsTUv2AtBpbJb4L2BQZXatXzxhLDVEie0Em0XYKWgEMFgbBf5QtkTbARhV8dtdOgswGqAUesQApkee24fSXeJJe8VifprC9jKgV3I8U5UyBmVctpbOzxZ",
  "message": "Logged in successfully"
}

Validate User

POST /user/validate

The API accepts a JSON Web Token (JWT) in the request headers and checks whether the given token is valid. The required header format is 'Authorization: Bearer <token>'.

200 OK

Valid user

type
object
400 Bad Request

Authorization header is required

401 Unauthorized

Invalid user

Response Content-Types: application/json
Response Example (200 OK)
{
  "message": "Valid user",
  "data": {
    "id": {
      "type": "string",
      "example": "988"
    },
    "username": {
      "type": "string",
      "example": "Dtrum"
    },
    "iat": {
      "type": "number",
      "example": 114502988
    },
    "exp": {
      "type": "number",
      "example": 114548988
    }
  }
}

User Info

GET /user/info

The API accepts a JSON Web Token (JWT) in the request headers and sends back the user information if the token is valid. The required header format is 'Authorization: Bearer <token>'.

200 OK

User information

type
object
400 Bad Request

Authorization header is required

401 Unauthorized

Invalid user

Response Content-Types: application/json
Response Example (200 OK)
{
  "id": 96,
  "first_name": "Donald",
  "last_name": "Trum",
  "username": "dTrum",
  "email": "trum@gmail.com",
  "user_role": 5,
  "token": 1200,
  "language": 1,
  "email_confirm": 1,
  "country": "99",
  "state": "15",
  "city": "62",
  "contact_number": "1233211232",
  "contact_number_confirm": 1,
  "country_iso_code": 93,
  "dob": "2018-10-10",
  "SocialSecurityNumber": 123,
  "license_id": 1245,
  "license_region": 456,
  "license_expirationDate": "2019-01-10",
  "create_date": "2018-11-23",
  "modify_date": "2018-11-23",
  "view": "",
  "profile_pic": "bloguser.jpeg",
  "banner_img": "Jeremy-Renner-Hawkeye-1-culturageek_com__ar_1.jpg",
  "social_picture_url": "https://plus.google.com/115709573427864870420",
  "gender": 1,
  "personal_headline": "",
  "immigration_status": 2,
  "verify_payment_status": 1,
  "monetization_status": 1,
  "status": 1
}

Authenticate

User authentication

POST /oauth/token

The token middleware handles client requests to exchange authorization grants for access tokens. Based on the grant type being exchanged, the corresponding exchange middleware is invoked to handle the request. Clients must authenticate when making requests to this endpoint.

Grant (authorization) code used to request an access token.

code: string
redirect_uri: string
client_id: string
client_secret: string
grant_type: string
scope: string
Request Content-Types: application/json
Request Example
{
  "code": "byYDYRmfBoUkdHWx",
  "redirect_uri": "http://dapp.snapxplatform.com",
  "client_id": "snapxmini123",
  "client_secret": "ssh-secret",
  "grant_type": "authorization_code",
  "scope": "offline"
}
200 OK

Access token is issued.

type
object
Response Content-Types: text/html
Response Example (200 OK)
{
  "access_token": "uHGdoxhO8JyeOdlniZPg64Rg5oLvRcxL1mib7tH8dyNxZ1FAIB0U4mlq1loFbwZndto0z0TEfoh7D2sQMS3n8OD1efLVbHKBd70Teub6CXZ2V22XsTUv2AtBpbJb4L2BQZXatXzxhLDVEie0Em0XYKWgEMFgbBf5QtkTbARhV8dtdOgswGqAUesQApkee24fSXeJJe8VifprC9jKgV3I8U5UyBmVctpbOzxZ",
  "token_type": "Bearer"
}

Authorize

User authorization

GET /dialog/authorize

The authorization middleware accepts a validate callback that is responsible for validating the client making the authorization request. In doing so, it is recommended that the redirectUri be checked against a registered value, although security requirements may vary across implementations. Once validated, the done callback must be invoked with a client instance, as well as the redirectUri to which the user will be redirected after an authorization decision is obtained.

redirect_uri: object
in query

URI to which the user is redirected after clicking the Allow or Deny button.

response_type: object
in query

OAuth Authorization Endpoint Response Types

client_id: object
in query

ID of the client app requesting the grant (permission).

200 OK

Renders dialog view

Response Content-Types: text/html

User decision

POST /dialog/authorize/decision

The decision middleware processes a user's decision to allow or deny access requested by a client application. Based on the grant type requested by the client, the grant middleware configured for that grant type is invoked to send the response.

Transaction ID created when a user provides the grant (permission) by clicking the Allow or Deny button.

transaction_id: string
Request Content-Types: application/json
Request Example
{
  "transaction_id": "TPN1qeOK"
}
302 Found

Redirects to dapp.snapxplatform.com based on the user's decision.

Response Content-Types: text/html

Schema Definitions

user: object

id: int
first_name: string
last_name: string
username: string
email: string
password: string
google_auth_code: string
user_role: int
token: float
2fa_auth: int
language: int
email_confirm: int
email_vrfn_code: string
country: string
state: string
city: string
contact_number: string
contact_number_confirm: int
country_iso_code: int
dob: date
SocialSecurityNumber: string
license_id: string
license_region: string
license_expirationDate: date
create_date: date
modify_date: date
view: text
profile_pic: text
banner_img: string
social_picture_url: text
gender: int
personal_headline: text
immigration_status: int
verify_payment_status: int
monetization_status: int
status: int
Example
{
  "id": 96,
  "first_name": "Donald",
  "last_name": "Trum",
  "username": "dTrum",
  "email": "trum@gmail.com",
  "password": "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12123c923adc6c92",
  "google_auth_code": "WEP4OTCN2KIBQTYY",
  "user_role": 5,
  "token": 1200,
  "2fa_auth": 0,
  "language": 1,
  "email_confirm": 1,
  "email_vrfn_code": "BeITXSjtlO",
  "country": "99",
  "state": "15",
  "city": "62",
  "contact_number": "1233211232",
  "contact_number_confirm": 1,
  "country_iso_code": 93,
  "dob": "2018-10-10",
  "SocialSecurityNumber": 123,
  "license_id": 1245,
  "license_region": 456,
  "license_expirationDate": "2019-01-10",
  "create_date": "2018-11-23",
  "modify_date": "2018-11-23",
  "view": "",
  "profile_pic": "bloguser.jpeg",
  "banner_img": "Jeremy-Renner-Hawkeye-1-culturageek_com__ar_1.jpg",
  "social_picture_url": "https://plus.google.com/115709573427864870420",
  "gender": 1,
  "personal_headline": "",
  "immigration_status": 2,
  "verify_payment_status": 1,
  "monetization_status": 1,
  "status": 1
}