Authentication Config
ianic1999 edited this page Jan 4, 2022
- App authentication is implemented with JWT tokens.
- Users authenticate with phone number and password.
- Session time (token lifetime) is 3 hours.
- 2 roles: ADMIN and WAITER.
- Authentication endpoint: `/api/auth/login`
- The user logs in to the system with phone number and password.
- If authentication succeeds, a JWT is returned to the client, which stores it in browser local storage. Note that local storage is readable by any script running on the frontend's origin, so an XSS flaw on the frontend exposes the token for the rest of its 3-hour lifetime.
- From this point on, every request to the server carries an `Authorization` header with the value `Bearer {jwt_token}`.
- Every request is filtered on the backend: if the endpoint is not public and the JWT is missing or invalid (bad signature, expired), a 401 Unauthorized error is returned.
- If the user does not have the ADMIN role and tries to reach an ADMIN-only (private) endpoint, a 401 Unauthorized error is returned as well (the app uses 401 here rather than the more conventional 403 Forbidden for an authenticated but unauthorized caller).
- POST /api/auth/register
- POST /api/auth/login
- GET /api/menu_items
- GET /api/feedbacks
- POST /api/feedbacks
- POST /api/tables
- PUT /api/tables
- DELETE /api/tables
- POST /api/menu_items
- PATCH /api/menu_items
- DELETE /api/menu_items
- GET /api/users
- DELETE /api/feedbacks
- POST /api/users/activate
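The login, token and filter flow described above, as an added, self-contained example in Python; this is not the project's own code. The signing secret, the in-memory user table (phone numbers and passwords are constructed), and which of the listed endpoints are public or ADMIN-only are assumptions, since the page does not specify them. The filter returns 401 for both a bad token and a missing ADMIN role, as the page states.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed signing secret (not from the page): in production load a long random key from config.
SECRET = b"demo-only-change-me"
SESSION_SECONDS = 3 * 60 * 60  # page: session time is 3 hours
SALT = b"demo-salt"            # constructed; a real user store salts per user


def pw_hash(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed demo users: phone -> (password hash, role). Only the two roles come from the page.
USERS = {
    "+37360000001": (pw_hash("admin-pass"), "ADMIN"),
    "+37360000002": (pw_hash("waiter-pass"), "WAITER"),
}

# Assumed access policy for some of the endpoints listed on the page; the page does not
# say which ones are public or ADMIN-only, so this mapping is illustrative only.
PUBLIC = {("POST", "/api/auth/register"), ("POST", "/api/auth/login"), ("GET", "/api/menu_items")}
ADMIN_ONLY = {("GET", "/api/users"), ("DELETE", "/api/feedbacks"), ("POST", "/api/users/activate")}


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(phone, role, now=None):
    """Build an HS256 JWT: sub = phone, role claim, exp = now + 3 h."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": phone, "role": role, "iat": now, "exp": now + SESSION_SECONDS}
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def login(phone, password, now=None):
    """POST /api/auth/login: JWT string on success, None on bad credentials."""
    record = USERS.get(phone)
    if record is None:
        return None
    stored_hash, role = record
    if not hmac.compare_digest(stored_hash, pw_hash(password)):
        return None
    return issue_token(phone, role, now)


def verify_token(token, now=None):
    """Return the claims if alg, signature and exp all check out, else None."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        if header.get("alg") != "HS256":  # pin the algorithm; never honour alg from the token
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        claims = json.loads(b64url_decode(p))
        if int(claims["exp"]) <= now:
            return None
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None


def filter_request(method, path, headers, now=None):
    """Backend filter from the page: 200 when allowed; 401 for a missing/invalid token on a
    non-public endpoint and (as the page states) 401 for a non-ADMIN on an ADMIN-only endpoint."""
    if (method, path) in PUBLIC:
        return 200
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401
    claims = verify_token(auth[len("Bearer "):], now)
    if claims is None:
        return 401
    if (method, path) in ADMIN_ONLY and claims.get("role") != "ADMIN":
        return 401
    return 200


if __name__ == "__main__":
    token = login("+37360000002", "waiter-pass")
    print(filter_request("POST", "/api/tables", {"Authorization": f"Bearer {token}"}))  # 200
    print(filter_request("GET", "/api/users", {"Authorization": f"Bearer {token}"}))    # 401
```

Two details matter beyond the flow itself: the verifier pins `alg` to HS256 instead of trusting the header, and both the password hash and the signature are compared with `hmac.compare_digest`, so a tampered payload, a forged signature or an expired token all fall through to the same 401.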