User Tools


User Log-on operation

Back to JEA API docs


User authentication and authorization is performed by JEA using the JSON Web Tokens (JWT) mechanism. If the client does not yet hold a valid JWT, the Log-on operation must be called to retrieve one. Without a valid JWT, all other transactions will be rejected with HTTP 401 Unauthorized error code.

The user's credential to be sent to the JEA server include the registered email address and the password.

Synopsis

User credential object

{
    "email": "yi@jeplus.org",
    "password": "********"
}

Authorization return object

A successful authorization return object contains the status flag, message, user's name, email address, and a new JWT, as shown in the example below.

{
    "ok": true,
    "status": "Logged in successfully!",
    "jwt": "eyJraWQiOiIxNTAyMzE2M......jdrg",
    "user": "Yi",
    "email": "yi@jeplus.org"
}

Authorization Failed object

{
    "ok": false,
    "status": "No matching username and password pair was found!"
}

Example using curl://

Send the check-in command using curl:

curl  -H 'Content-Type: application/json' -X POST -d '{"email": "yi@jeplus.org", "password": "********"}' http://jea.ensims.com/users/api/auth

If logged on successfully, an Auth return object with 'OK' status will be received with a new JWT. If the user's email address and the password do not match any record on the server, an Auth Failed object will be returned.

Example using Python Requests

Make sure Requests is correctly installed in your Python environment, and run the following the lines:

import requests

headers = {'Content-Type': 'application/json'}
body = {"email": "yi@jeplus.org", "password": "********"}

r = requests.post('http://jea.ensims.com/users/api/auth', headers=headers, json=body)
  
r.json()

Successful operation will return the JSON content such as the following:

{'email': 'yi@jeplus.org',
 'jwt': 'eyJraWQiOiIxNTAyMzE2MzY...O2CN4QDLxM2eUolgak9w',
 'ok': True,
 'status': 'Logged in successfully!',
 'user': 'Yi'}

You can then access each field, e.g. the new JWT, using r.json()['jwt'].


Site Tools