Skip to content

User Authentication

Jump to bottom
joshuaselsky edited this page Mar 20, 2012 · 13 revisions
*** # Stateless Authentication ***

What does it do?

Allows one-time authenticated access for initial mobile application logins. Returns the user's hashed password if authentication is successful.

URI

user/auth

Access Rules

Anyone may access this API. It helps if they are already a user in the system.

Input Parameters

  • (r) user = The username of the user attempting to login.
  • (r) password = The password of the user attempting to login.
  • (r) client = The client name of the device performing the action (e.g., ohmage-android)

Example POST

POST /app/user/auth HTTP/1.1
 Host: dev.ohmage.org
 User-Agent: Mozilla/5.0 (Linux; U; Android 1.0; en-us; ...) ...
 Content-Length: byte-length-of-content
 Content-Type: application/x-www-form-urlencoded

 user=user&password=password&client=ohmage-android

cURL Example

curl -v -d "user=josh.test&password=password&client=curl" http://localhost:8080/app/user/auth

Output Format

Success

{
   "result" : "success",
   "hashed_password": "42..."
}

Failure

See the error page for a description of error codes and their associated descriptions.

Back to Top

Stateful Authentication

What does it do?

Generates an authentication token that can be used across multiple client requests. The duration of the authentication token is determined by server configuration. All API requests to the ohmage server must be authenticated. The authentication token serves as a stateful proxy in lieu of having to store sensitive user information in a browser cookie.

URI

user/auth_token

Access Rules

Anyone may access this API. It helps if they are already a user in the system.

Input Parameters

  • (r) user = The username of the user attempting to login.
  • (r) password = The password of the user attempting to login.
  • (r) client = The client name of the device performing the action (e.g., ohmage-android)

Example POST

POST /app/user/auth_token HTTP/1.1
 Host: dev.ohmage.org
 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
 Content-Length: byte-length-of-content
 Content-Type: application/x-www-form-urlencoded

 user=user&password=password&client=ohmage-gwt

cURL Example

curl -v -d "user=temp.user&password=temp.user&client=curl" https://dev.mobilizingcs.org/app/user/auth_token

Output Format

Success

{
   "result" : "success",
   "token": "1234567890"
}

Failure

See the error page for a description of error codes and their associated descriptions.

Clone this wiki locally