kaskadi/auth-api


API endpoints

The origin and root path for this API is: https://api.klimapartner.net/auth

The following endpoints are defined in this API:

/get-signed-url

Supported methods:

GET (target lambda → create-cfd-signed-url)

Description:

This endpoint returns a CloudFront signed URL that can be used for accessing content from a private CDN.

Authorization:

| Type | Identity source |
| --- | --- |
| Cognito | method.request.header.Authorization |

Query string parameters:

No query string parameters found for this method.

Request body:

No body found for this method.

Examples:

Example #1

Request:

GET https://api.klimapartner.net/auth/get-signed-url

Headers:
  Authorization: Bearer COGNITO_ACCESS_TOKEN

Response:

Status code:
  200

Headers:
  Access-Control-Allow-Origin: *

Body:
  {
    "signedUrl": "some_signed_url"
  }

/login

Supported methods:

POST (target lambda → login)

Description:

This endpoint allows users to retrieve their authentication data, provided they supply a valid username and password. This currently does not support Google as an authentication provider.

Authorization:

No authorizer found for this method.

Query string parameters:

No query string parameters found for this method.

Request body:

| Key | Default | Description |
| --- | --- | --- |
| method | Cognito | Defines the authentication provider. Valid values: 'Cognito', 'Google' |
| token | | Access token to login. This is used only when logging in via Google. |
| Username | | Username used for logging in via AWS Cognito. |
| Password | | Password associated with the given username for logging in via AWS Cognito. |

Examples:

Example #1

Request:

POST https://api.klimapartner.net/auth/login

Body:
  {
    "Username": "cognito_username",
    "Password": "secret_cognito_pwd"
  }

Response:

Status code:
  200

Headers:
  Access-Control-Allow-Origin: *

Body:
  {
    "accessToken": "cognito_access_token",
    "idToken": "cognito_id_token",
    "refreshToken": "cognito_refresh_token",
    "email": "user_email",
    "emailHash": "user_email_md5_hash"
  }

Example #2

Request:

POST https://api.klimapartner.net/auth/login

Body:
  {
    "Username": "wrong_cognito_username",
    "Password": "wrong_secret_cognito_pwd"
  }

Response:

Status code:
  401

Headers:
  Access-Control-Allow-Origin: *

Body:
  {
    "message": "Provided credentials are incorrect."
  }

/logout

Supported methods:

POST (target lambda → logout)

Description:

This endpoint allows users to invalidate any authentication tokens generated with their credentials. This currently does not support Google as an authentication provider.

Authorization:

No authorizer found for this method.

Query string parameters:

No query string parameters found for this method.

Request body:

| Key | Default | Description |
| --- | --- | --- |
| method | Cognito | Defines the authentication provider. Valid values: 'Cognito', 'Google' |
| accessToken | | Access token provided when logging in. This applies only to sessions created via Cognito. |

Examples:

Example #1

Request:

POST https://api.klimapartner.net/auth/logout

Body:
  {
    "accessToken": "cognito_access_token"
  }

Response:

Status code:
  200

Headers:
  Access-Control-Allow-Origin: *

Body:
  {
    "message": "User successfully logged out!"
  }

Example #2

Request:

POST https://api.klimapartner.net/auth/logout

Body:
  {
    "accessToken": "wrong_cognito_access_token"
  }

Response:

Status code:
  401

Headers:
  Access-Control-Allow-Origin: *

Body:
  {
    "message": "Provided access token is incorrect."
  }

/refresh

Supported methods:

POST (target lambda → refresh-session)

Description:

This endpoint allows users to refresh their access token so that they do not have to log in again. This works until their refresh token expires. This currently does not support Google as an authentication provider.

Authorization:

No authorizer found for this method.

Query string parameters:

No query string parameters found for this method.

Request body:

| Key | Default | Description |
| --- | --- | --- |
| method | Cognito | Defines the authentication provider. Valid values: 'Cognito', 'Google' |
| refreshToken | | Refresh token provided when logging in. This applies only to sessions created via Cognito. |

Examples:

Example #1

Request:

POST https://api.klimapartner.net/auth/refresh

Body:
  {
    "refreshToken": "cognito_refresh_token"
  }

Response:

Status code:
  200

Headers:
  Access-Control-Allow-Origin: *

Body:
  {
    "accessToken": "cognito_access_token",
    "idToken": "cognito_id_token"
  }

Example #2

Request:

POST https://api.klimapartner.net/auth/refresh

Body:
  {
    "refreshToken": "wrong_cognito_refresh_token"
  }

Response:

Status code:
  401

Headers:
  Access-Control-Allow-Origin: *

Body:
  {
    "message": "Provided refresh token is incorrect."
  }
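
The endpoints above combine into one client-side session flow: log in, call `/get-signed-url` with the access token, refresh once when that token is rejected, and drop the session when the refresh token is rejected too. The following is an added example, not code from this repository; the `AuthSession` class, the injected `fetchFn`, and the assumption that `/get-signed-url` answers 401 for an access token that is no longer valid are not from the page.

```javascript
// Added example (not project code): session client for the endpoints documented above.
const BASE = 'https://api.klimapartner.net/auth'
class AuthSession {
  constructor (fetchFn) {
    this.http = (...args) => fetchFn(...args) // injected; same contract as the global fetch
    this.tokens = null // held in memory only, never logged or persisted
  }

  async post (path, body) {
    const res = await this.http(`${BASE}${path}`, {
      method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body)
    })
    return { status: res.status, data: await res.json() }
  }

  async login (Username, Password) {
    const { status, data } = await this.post('/login', { Username, Password })
    if (status !== 200) throw new Error(data.message)
    this.tokens = { access: data.accessToken, refresh: data.refreshToken }
  }

  async refresh () {
    const { status, data } = await this.post('/refresh', { refreshToken: this.tokens.refresh })
    if (status !== 200) {
      this.tokens = null // refresh token rejected: drop the session, require a new login
      throw new Error(data.message)
    }
    this.tokens.access = data.accessToken
  }

  // Assumption: an expired or revoked access token yields HTTP 401 from the authorizer.
  async getSignedUrl (retried = false) {
    if (!this.tokens) throw new Error('Not logged in.')
    const headers = { Authorization: `Bearer ${this.tokens.access}` }
    const res = await this.http(`${BASE}/get-signed-url`, { headers })
    if (res.status === 401 && !retried) {
      await this.refresh()
      return this.getSignedUrl(true) // retry once only, so a rejected token cannot loop
    }
    if (res.status !== 200) throw new Error(`get-signed-url failed with status ${res.status}`)
    return (await res.json()).signedUrl
  }

  async logout () {
    if (!this.tokens) return false
    const { status } = await this.post('/logout', { accessToken: this.tokens.access })
    this.tokens = null // discard local tokens whatever the server answered
    return status === 200
  }
}
```

In Node 18+ or a browser, construct it with `new AuthSession(fetch)`.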

API resources

The following lambda functions are used in this API:

The following layers are used in this API:

login

| Name | Sources | Timeout | Handler | Layers |
| --- | --- | --- | --- | --- |
| login | HTTP (POST) | 30s | handler | |

See configuration file for more details.

refresh-session

| Name | Sources | Timeout | Handler | Layers |
| --- | --- | --- | --- | --- |
| refresh-session | HTTP (POST) | 30s | handler | |

See configuration file for more details.

logout

| Name | Sources | Timeout | Handler | Layers |
| --- | --- | --- | --- | --- |
| logout | HTTP (POST) | 30s | handler | |

See configuration file for more details.

create-cfd-signed-url

| Name | Sources | Timeout | Handler | Layers |
| --- | --- | --- | --- | --- |
| create-cfd-signed-url | HTTP (GET) | default | handler | |

See configuration file for more details.

auth-api-layer

Description

Layer for auth-api

Dependencies

  • aws-sdk, version: 2.771.0 (see on NPM)
  • auth-api-utils (local utility)

See configuration file for more details.

Stack tags

You can use any of the tags (and their respective values) listed below to find resources related to this stack on AWS. See here for more details.

| Tag | Value |
| --- | --- |
| app | kaskadi |
| service | auth-api |
| logical-unit | auth |
| type | http |

About

API to manage authentication
