2

I created an Aqueduct project using `aqueduct create -t db_and_auth`, but I did not understand how registration and authentication with OAuth 2.0 work. Can someone explain how to register with the OAuth 2.0 and DB template auto-created by Aqueduct, and what steps I have to take to register and then authenticate?

Gabriel Pacheco

1 Answer

3

From a client application, you `POST /register` with a JSON payload containing a user. Depending on what version of the template you have, this may just be `{"username": "bob", "password": "password"}` - check the definition of your `_User` type.

When you are authenticating an already existing user, you invoke `POST /auth/token` and pass the username, password and other required fields as `x-www-form-urlencoded` data. The format of that request - written in Dart code - is here: http://aqueduct.io/docs/auth/controllers/.

Whether you are registering a new user or authenticating an existing user, you have to provide a client identifier (and optionally client secret) as a Basic Authorization header. The client identifier must have already been registered with your application and stored in its database.

To store client identifiers in a database, you'll need to first run your application's database migrations on a database instance (see http://aqueduct.io/docs/db/db_tools/ for running database migrations). This will create tables to store OAuth 2.0 client identifiers and tokens.

Then you'll need to add OAuth 2.0 client identifiers to your database. This is best accomplished using the `aqueduct auth` CLI, and there is documentation on it here: http://aqueduct.io/docs/auth/cli/.

Joe Conway
  • Can you show an example of POST /register payload? I'm trying to POST but it responds 401 Unauthorized. Thanks. – Gabriel Pacheco Sep 24 '18 at 19:01
  • My template has email and password fields, username inherited. – Gabriel Pacheco Sep 24 '18 at 19:08
  • 1
    If `POST /register` is unauthorized, you'll need to add the base64 encoded client identifier and client secret in a Basic authorization header (it's the same as shown here http://aqueduct.io/docs/auth/controllers/). Check the tests in `test/register_test.dart` in the template for an example payload. – Joe Conway Sep 25 '18 at 14:05
  • 1
    Also, the Slack channel is a good place to get faster feedback: http://slackaqueductsignup.herokuapp.com/ – Joe Conway Sep 25 '18 at 14:05
  • Thank you, helped me a lot. I'm already in your Slack channel! – Gabriel Pacheco Sep 26 '18 at 18:44
  • What about login with Facebook? Is there a way to override /auth/token and use a Facebook code instead of username/password? – Jared Green Aug 12 '20 at 23:03
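The two requests described in the answer, built from a Python client, as an added example that is not part of the original answer or comments and is not Aqueduct's own code. Assumptions: the base URL, the client identifier `com.example.app` and its secret are constructed placeholders, and `grant_type=password` is the OAuth 2.0 (RFC 6749) field for a username/password token request.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

# Assumption: local development address; use https:// anywhere else, because
# the user's password and the client secret travel in these requests.
BASE_URL = "http://localhost:8888"


def basic_auth(client_id, client_secret=""):
    """Basic credentials: base64("id:secret"); a public client has an empty secret."""
    if ":" in client_id:
        raise ValueError("client id must not contain ':' (it separates id and secret)")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def register_request(client_id, client_secret, user):
    """POST /register: JSON user body plus the client's Basic header.
    Leaving the header out is what produces the 401 discussed in the comments."""
    return Request(
        BASE_URL + "/register",
        data=json.dumps(user).encode("utf-8"),
        headers={"Authorization": basic_auth(client_id, client_secret),
                 "Content-Type": "application/json"},
        method="POST",
    )


def token_request(client_id, client_secret, username, password):
    """POST /auth/token: form-encoded credentials, same Basic header."""
    form = urlencode({"grant_type": "password",
                      "username": username, "password": password})
    return Request(
        BASE_URL + "/auth/token",
        data=form.encode("ascii"),
        headers={"Authorization": basic_auth(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


if __name__ == "__main__":
    # Constructed sample values; pass either request to urllib.request.urlopen to send it.
    for req in (register_request("com.example.app", "mysecret",
                                 {"username": "bob", "password": "password"}),
                token_request("com.example.app", "mysecret", "bob", "password")):
        print(req.get_method(), req.full_url, req.header_items(), req.data)
```

The client identifier and secret used here must match a client already stored in the application's database, as the answer describes.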