Phoenix routes
AccessPass comes with a helper module to generate authentication routes for you like the following.
defmodule TestWeb.Router do
use TestWeb, :router
use AccessPass.Routes #helper module
scope "/" do
access_pass :routes #macro to generate routes
end
end
This will generate the following routes
GET /check
This endpoint is used to check if an access token is expired or as a quick way to get the json stored for the token
Required Params
headers: access-token
GET /refresh
This endpoint is used to get a new access_token with a given refresh_token(this is not expired or revoked)
Required Params
headers: refresh-token
POST /register
This endpoint is used to register a new user
Required Params
body:
{
"username": "username",
"password": "password",
"password_confirm": "password"
"email" : "email",
"meta" : {}
}
Returns:
{"ok":
{"type":"basic",
"refresh_token":"MzU0NjgxM2MtMzE3ZC00YmJmLWJiMDQtZmFhM2Q3Y2RhMzQ4",
"refresh_expire_in"0,
"access_token":"Y2ZkNjZlMDQtYWY1MS00YzhiLTgwNDgtYmRmYjg1ODcyZTFh",
"access_expire_in":300}
}
username,password and email are required. Meta is an optional object to store any data for the user. This object will be what is stored with a users access_token
POST /confirm
This endpoint is used to mark a user account confirmed. Will be linked to in the confirmation email sent out so you can think of this as the callback to that email.
Required Params
body:
{
"confirm_id": "ID that ties this confirmation to the account",
}
POST /login
This endpoint handles user login.
Required Params
body:
{
"username": "username or email case insensitive",
"password": "password"
}
Returns:
{"ok":
{"type":"basic",
"refresh_token":"MzU0NjgxM2MtMzE3ZC00YmJmLWJiMDQtZmFhM2Q3Y2RhMzQ4",
"refresh_expire_in"0,
"access_token":"Y2ZkNjZlMDQtYWY1MS00YzhiLTgwNDgtYmRmYjg1ODcyZTFh",
"access_expire_in":300}
}
POST /reset_password
This endpoint will send a password reset email to an email linked to a username. If no account is found it still returns ok so people can not use this endpoint to fish usernames.
Required Params
body:
{
"username": "username"
}
POST /logout
This endpoint is used to revoke both access and refresh token for this session. In effect logging the user out.
Required Params
headers: access-token
POST /change_password
This endpoint is used as the callback to a password reset. The flow is as follows.
Request password reset
|> Email to form to make new password(link contains password_id
|> On form submit send password_id and new password to this endpoint.
password resets expire 2 hours after sent.
Required Params
body:
{
"password_id": "passwordid",
"password_confirm":"the new password to be set for a user"
"new_password": "the new password to be set for a user"
}
POST /forgot_username
This endpoint is used to have a user's forgotten username emailed to them.
Required Params
body:
{
"email" : "email",
}
Returns:
{"ok": "An email has been sent to you with your username"}