Passwordless Authentication
Robert Chen edited this page Feb 16, 2020 · 6 revisions
- `auth` tokens are for directly authenticating against other API routes.
- `team` tokens are intended to be shared with other team members, so that they can complete the Team-based login flow.
- `verify` tokens are sent to a user's email address, and are used to verify that a user controls the address. They expire after 10 minutes, and are used in the Registration and verification-based login flow.
This sends an email to the address contained in `.email`, with a token of kind `verify`. If `.register` is true, then the account must not currently exist. If `.register` is false, the account must currently exist.

```json
{
  "email": "[email protected]",
  "name": "team name",
  "division": 0, // One of Object.values(config.divisions)
  "register": true
}
```

```json
{
  "kind": "goodVerifySent",
  "message": "The account verification email was sent.",
  "data": null
}
```
This endpoint converts the `verify` token contained within the email sent in the previous step into a `team` token and an `auth` token. Each `verify` token can only be used once.

```json
{
  "verifyToken": "abcd"
}
```

```json
{
  "kind": "goodVerify",
  "message": "The email was verified.",
  "data": {
    "authToken": "abcd",
    "teamToken": "abcd"
  }
}
```
The `team` token can be shared with all members of the team. The `auth` token can be directly used for authentication with other API endpoints.
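The `verify` token rules above (10-minute expiry, single use, and the `.register` precondition) can be enforced server-side as in the following added example, which is not the project's own code. The in-memory stores, the function names, the `badRequest` and `badToken` kinds, and storing only a hash of the token are assumptions made for illustration.

```javascript
const crypto = require('crypto')

const VERIFY_TTL_MS = 10 * 60 * 1000 // verify tokens expire after 10 minutes (from the page)
const accounts = new Set() // hypothetical account store: registered emails
const pending = new Map() // hypothetical token store: sha256(token) -> entry
// Only a hash is kept, so a leaked store does not yield redeemable tokens.
const digest = (t) => crypto.createHash('sha256').update(t).digest('hex')

// The .register rule: registration needs a new email, login needs an existing one.
const registerRuleHolds = (email, register) => register !== accounts.has(email)

// Step 1: check the precondition, then mint the token that would be emailed.
function requestVerify ({ email, register }, now = Date.now()) {
  if (typeof email !== 'string' || typeof register !== 'boolean') {
    return { kind: 'badRequest' } // hypothetical kind
  }
  if (!registerRuleHolds(email, register)) return { kind: 'badRequest' }
  const token = crypto.randomBytes(32).toString('hex')
  pending.set(digest(token), { email, register, expiresAt: now + VERIFY_TTL_MS })
  // The token is returned here only so the caller can place it in the email.
  return { kind: 'goodVerifySent', token }
}

// Step 2: redeem the token at most once, and only before it expires.
function redeemVerify (verifyToken, now = Date.now()) {
  if (typeof verifyToken !== 'string') return { kind: 'badToken' } // hypothetical kind
  const key = digest(verifyToken)
  const entry = pending.get(key)
  if (entry === undefined) return { kind: 'badToken' }
  pending.delete(key) // consume before any other check so a replay always fails
  if (now >= entry.expiresAt) return { kind: 'badToken' }
  // Re-check the rule: a second registration token for the same email
  // may have been redeemed since this one was issued.
  if (!registerRuleHolds(entry.email, entry.register)) return { kind: 'badToken' }
  if (entry.register) accounts.add(entry.email)
  return { kind: 'goodVerify', email: entry.email }
}
```

The optional `now` argument exists so expiry can be exercised with a fixed clock; a real handler would mint the `auth` and `team` tokens at the point where `goodVerify` is returned.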
This verifies the passed-in `teamToken`. If successful, it sends the `authToken` back to the client.

```json
{
  "teamToken": "abcd"
}
```

```json
{
  "kind": "goodLogin",
  "message": "The login was successful.",
  "data": {
    "authToken": "abcd"
  }
}
```
This `auth` token is equivalent to an `auth` token obtained from the Registration and verification-based login flow.