...
Field | Meaning |
---|---|
Okay | True if the REST API is up and running; should never return false |
Authenticated | True if the token is valid, false if there was no token or the token wasn't valid |
Type | Type of the endpoint, "status" in this case |
_links | Returns a link to the authenticated eperson |
_embedded | Embeds the authenticated eperson |
Logout
To log out and invalidate the token, send the token in the Authorization header with the bearer scheme to the following endpoint:
/api/authn/logout
E.g.
curl -v "http://{spring-rest.url}/api/authn/logout" -H "Authorization: Bearer eyJhbG...COdbo"
This will log the user out on every device/browser.
JSON Web Token
The authentication token is a JWT and is base64url encoded. For more information about JWT: https://jwt.io/introduction/
...
This method should return a string. This string will be used as the key for the claim (for example "eid" for the eperson id claim).
getValue(Context context, HttpServletRequest request): Object
This method should return the value of the claim. This can be any object, as long as it is Serialisable.
parseClaim(Context, HttpServletRequest, JWTClaimSet)
This method should parse the claim when someone issues a token. In this method you should handle what has to happen with it (for example, setting special groups on the context object).
NOTE: add @Component to your ClaimProviders so Spring can find them.
Refresh Token
When a token is about to expire (which can be checked with the exp claim), you can request a new token with a new expiration time (by default 30 minutes). To do so, send the token to the login endpoint without the "user" and "password" parameters. In response you'll get a freshly issued token (again in the Authorization header of the response).
E.g.
curl -v "http://{spring-rest.url}/api/authn/login" -H "Authorization: Bearer eyJhbG...COdbo"
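A client-side check of the exp claim described above, as an added example that is not part of the DSpace code base. The function names, the 120-second refresh margin and the sample token are assumptions; the payload is decoded without verifying the signature, which is acceptable only for deciding when to refresh, because the server still validates the token it receives.

```python
import base64
import binascii
import json
import time

REFRESH_MARGIN = 120  # assumed value: refresh once fewer than 120 s remain


def b64url_decode(segment):
    """Decode base64url, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return the claims of a compact JWT WITHOUT verifying its signature.

    Never base an authorization decision on this output: anyone can
    craft a payload. It is read here only to schedule the refresh call.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def needs_refresh(token, now=None, margin=REFRESH_MARGIN):
    """True when the token expires within `margin` seconds (or already has)."""
    exp = jwt_claims(token).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("token has no numeric exp claim")
    now = time.time() if now is None else now
    return now >= exp - margin


def make_sample_token(claims):
    """Constructed sample token with a dummy signature, for the demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time; 1800 s = the 30-minute default
    token = make_sample_token({"eid": "constructed-eperson-id", "exp": issued + 1800})
    print(needs_refresh(token, now=issued + 60), needs_refresh(token, now=issued + 1750))
```

When `needs_refresh` returns true, send the token to the login endpoint as shown in the curl command above and replace the stored token with the one from the response's Authorization header.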