
Bearer Token based Authentication

Introduction

ASRR uses bearer tokens for authentication in its web apps. The bearer token is a JSON Web Token (JWT) that grants access to protected resources within the system. Clients must include this token in the Authorization header of every API request in order to authenticate.

Example Authorization Header: Authorization: Bearer eyJhbGciOiJIUzUxMiJ9...<token_data>...H9ju9Ivgii5Oas307eQhVzKi_X6CufRcKezvj7xbzaU8abuqYBDLyg

1. Obtaining a token

To obtain a token, send a POST request to the /auth/login endpoint with the following JSON body:

{
    "email": "<your email>",
    "password": "<your password>"
}

This returns a response of the following form:

{
  "id": "AAABiQJlSBsJKWPO",
  "username": "amar.ramdas@asrr.nl",
  "accessToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJBQUFCaVFKbFNCc0pLV1BPLGFtYXIucmFtZGFzQGFzcnIubmwiLCJyb2xlcyI6WyJBRE1JTiIsIlNVUEVSX0FETUlOIl0sImlzcyI6ImFzcnIubmwiLCJpYXQiOjE2OTY4NDk0ODIsImV4cCI6MTY5Njg3MTA4Mn0.Zbt8gG27XI2eeBYrLHyxIWNlG7u9vuLtH9ju9Ivgii5Oas307eQhVzKi_X6CufRcKezvj7xbzaU8abuqYBDLyg",
  "refreshToken": "6eb27168-5e19-4d2b-9ded-4ff873a36168",
  "accessExpiresUnix": 1696871082110
}

Use the accessToken to access protected resources. The refreshToken is used to obtain a new accessToken when the current one expires: send a GET request to /auth/refresh/{refreshToken}. This returns a new accessToken and a new refreshToken in the same format as above, so store both replacement values.

2. Using the token

To use the token, send it in the Authorization header of your request. For example, with curl:

curl -X 'POST' \
  'http://localhost:8080/api/v1/tenant/roles' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <admin_bearer_token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "admin",
    "description": "Admin role"
  }'

Bearer tokens should generally be used in web apps. For access from your CLI, you can instead pass the accessToken as a query parameter in your request. More info on this can be found here.
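The whole flow above (obtain a token pair, refresh it before it expires, send the Authorization header) as a small Python client. This is an added example, not ASRR's own client code; it assumes only the endpoints and the response shape shown on this page (POST /auth/login, GET /auth/refresh/{refreshToken}, and a JSON body with accessToken, refreshToken and accessExpiresUnix). The sample response embedded in the block is the documented example from above. The claims inspection is deliberately unverified: a client can read exp and roles from the token to schedule a refresh, but only the server holding the HS512 secret can verify the signature, so nothing in the client should trust those claims for authorisation. Note also that accessExpiresUnix is in milliseconds while the JWT exp claim is in seconds; the example normalises both before comparing.

```python
"""Client-side handling of the ASRR bearer-token flow described above.

Added example, not ASRR's own client code. Assumes the endpoints and
response shape shown on this page: POST /auth/login, GET
/auth/refresh/{refreshToken}, and a JSON body with accessToken,
refreshToken and accessExpiresUnix (milliseconds).
"""
import base64
import json
import time
import urllib.request

# Sample login response copied from the page above (the documented
# example token, not a live credential).
SAMPLE_LOGIN_RESPONSE = {
    "id": "AAABiQJlSBsJKWPO",
    "username": "amar.ramdas@asrr.nl",
    "accessToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJBQUFCaVFKbFNCc0pLV1BPLGFtYXIucmFtZGFzQGFzcnIubmwiLCJyb2xlcyI6WyJBRE1JTiIsIlNVUEVSX0FETUlOIl0sImlzcyI6ImFzcnIubmwiLCJpYXQiOjE2OTY4NDk0ODIsImV4cCI6MTY5Njg3MTA4Mn0.Zbt8gG27XI2eeBYrLHyxIWNlG7u9vuLtH9ju9Ivgii5Oas307eQhVzKi_X6CufRcKezvj7xbzaU8abuqYBDLyg",
    "refreshToken": "6eb27168-5e19-4d2b-9ded-4ff873a36168",
    "accessExpiresUnix": 1696871082110,
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token: str) -> tuple[dict, dict]:
    """Return (header, claims) of a JWT WITHOUT verifying the signature.

    Only the server holding the HS512 secret can verify the token; the
    client reads the claims purely to learn when the token expires and
    which roles it carries. Never make an authorisation decision on this.
    """
    header_b64, payload_b64, _signature = token.split(".")
    return (json.loads(_b64url_decode(header_b64)),
            json.loads(_b64url_decode(payload_b64)))


def needs_refresh(access_expires_unix_ms: int, now_unix_s: float, skew_s: int = 60) -> bool:
    """True when the access token expires within skew_s seconds.

    accessExpiresUnix is in milliseconds while the JWT exp claim is in
    seconds; both are reduced to seconds before comparing.
    """
    return access_expires_unix_ms / 1000 - now_unix_s <= skew_s


def auth_header(access_token: str) -> dict:
    """Build the Authorization header exactly as the page shows it."""
    return {"Authorization": f"Bearer {access_token}"}


class AsrrSession:
    """Keeps the token pair and refreshes it transparently before expiry."""

    def __init__(self, base_url: str, tokens: dict):
        self.base_url = base_url.rstrip("/")
        self.tokens = tokens

    @classmethod
    def login(cls, base_url: str, email: str, password: str) -> "AsrrSession":
        body = json.dumps({"email": email, "password": password}).encode()
        req = urllib.request.Request(f"{base_url.rstrip('/')}/auth/login", data=body,
                                     headers={"Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req) as resp:
            return cls(base_url, json.load(resp))

    def refresh(self) -> None:
        # /auth/refresh returns a new accessToken AND a new refreshToken,
        # so the whole stored pair is replaced.
        url = f"{self.base_url}/auth/refresh/{self.tokens['refreshToken']}"
        with urllib.request.urlopen(urllib.request.Request(url, method="GET")) as resp:
            self.tokens = json.load(resp)

    def request(self, method: str, path: str, payload=None) -> dict:
        """Send an authenticated request, refreshing first if the token is about to expire."""
        if needs_refresh(self.tokens["accessExpiresUnix"], time.time()):
            self.refresh()
        headers = {"accept": "application/json", **auth_header(self.tokens["accessToken"])}
        data = None
        if payload is not None:
            data = json.dumps(payload).encode()
            headers["Content-Type"] = "application/json"
        req = urllib.request.Request(f"{self.base_url}{path}", data=data, headers=headers, method=method)
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)


if __name__ == "__main__":
    # Offline demonstration on the documented sample response.
    header, claims = inspect_jwt(SAMPLE_LOGIN_RESPONSE["accessToken"])
    print(header["alg"], claims["iss"], claims["roles"], claims["exp"])
    print("refresh needed now:",
          needs_refresh(SAMPLE_LOGIN_RESPONSE["accessExpiresUnix"], time.time()))
    # Live use against a running instance (hypothetical credentials):
    # session = AsrrSession.login("http://localhost:8080", "<your email>", "<your password>")
    # session.request("POST", "/api/v1/tenant/roles", {"name": "admin", "description": "Admin role"})
```

The refresh is keyed off accessExpiresUnix rather than a 401 round trip so that a request is never sent with a token known to be stale, and the 60-second skew absorbs clock drift between client and server.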