AuthAPI is a Python authentication API built with Flask that provides user registration, login and token-based (JWT) authentication. It stores user records in a local SQLite database and hashes passwords with bcrypt.
## Requirements

Ensure you have the following installed:

- Python 3.8+
- Flask
- Bcrypt
- PyJWT
- Requests

## Installation

- Clone/download the repository
- Install dependencies:

```sh
pip install -r requirements.txt
```

- Configure: customize the API by editing `config.json` (see below).

## Configuration

You can configure the API from `config.json`:
- `minPasswordLength` is the minimum length of the password, default is 8.
- `maxPasswordLength` is the maximum length of the password, default is 128.
- `minNameLength` is the minimum length of the name, default is 2.
- `maxNameLength` is the maximum length of the name, default is 64.
- `sessionExpiryTime` is the time in seconds for which a token lasts, default is 300.
- `tokenSecret` is the secret key used to sign the JWT tokens; a longer, random secret is more secure.
## Running

To start the API, run:

```sh
python start.py
```

This runs the API on a local server at http://127.0.0.1:5000.
## Endpoints

### POST /register

Registers an account.

Request body (JSON):

```
{"email": email, "password": password, "name": name}
```

If the request is successful, response code 201:

```
{"Success": "User succesfully registered"}
```

Example (assumes `email`, `name` and `password` are already set):

```python
import requests

regjson = {"email": email, "name": name, "password": password}
regReq = requests.post(url='http://127.0.0.1:5000/register', json=regjson)
print("Response: ", regReq.text)
```

### POST /login

Logs in an existing user.
Request body (JSON):

```
{"email": email, "password": password}
```

If the request is successful, response code 200:

```
{"success": "User sucessfully logged in", "sessionToken": token, "sessionExpiry": expiry}
```

- `sessionToken` is the bearer token to send on protected endpoint calls.
- `sessionExpiry` is the Unix time (in seconds) at which the token expires.

Example (assumes `email` and `password` are already set):

```python
import requests

logjson = {"email": email, "password": password}
# The login request must carry the login payload, not the registration one.
logreq = requests.post(url='http://127.0.0.1:5000/login', json=logjson)
print("Response: ", logreq.text)
```

### GET /logout

Logs out the current session.
Send the header `Authorization: Bearer <token>`, where `<token>` is the `sessionToken` returned by `/login`.

If the request is successful, response code 200:

```
{"Success": "Successfully logged out"}
```

- The token is invalidated and can no longer be used to access protected resources.

Example (`logreq` is the `/login` response from above):

```python
import json
import requests

logreqjson = json.loads(logreq.text)
logoutreq = requests.get(url='http://127.0.0.1:5000/logout',
                         headers={"Authorization": "Bearer " + logreqjson["sessionToken"]})
print("Response: ", logoutreq.text)
```

### GET /getName

Protected endpoint that returns the name associated with a valid token.
Send the header `Authorization: Bearer <token>`, where `<token>` is the `sessionToken` returned by `/login`.

If the request is successful, response code 200:

```
{"name": name}
```

- If the token is invalid or expired, the endpoint returns 401.

Example (`logreq` is the `/login` response from above):

```python
import json
import requests

logreqjson = json.loads(logreq.text)
nameReq = requests.get(url='http://127.0.0.1:5000/getName',
                       headers={"Authorization": "Bearer " + logreqjson["sessionToken"]})
print("Response: ", nameReq.text)
```

## Testing

To test the API, you can use a tool such as Postman, or run the included `test.py`, which exercises all the endpoints. Simply run:
```sh
python test.py
```

Make sure the local server is running before starting the script.
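The token lifecycle the `/login`, `/logout` and `/getName` sections describe, as an added stdlib-only illustration (example code, not AuthAPI's own implementation): a token is signed with `tokenSecret`, expires `sessionExpiryTime` seconds after issue, is revoked on logout, and every failure maps to the 401 case. The `CONFIG` values and the in-memory `REVOKED` set are constructed assumptions for the demo.

```python
# Added example, not AuthAPI's own code: JWT issue/verify/revoke with the stdlib.
# CONFIG mirrors two config.json keys; the values here are constructed for the demo.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

CONFIG = {"sessionExpiryTime": 300, "tokenSecret": "constructed-demo-secret-change-me"}
REVOKED = set()  # tokens invalidated by /logout; a stateless JWT needs this to honour logout

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: bytes) -> str:
    # HS256: HMAC-SHA256 over "header.payload" keyed with tokenSecret
    return _b64(hmac.new(CONFIG["tokenSecret"].encode(), signing_input, hashlib.sha256).digest())

def issue_token(email: str, now: Optional[int] = None):
    """Return (sessionToken, sessionExpiry) the way /login reports them."""
    now = int(time.time()) if now is None else now
    expiry = now + CONFIG["sessionExpiryTime"]
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64(json.dumps({"sub": email, "exp": expiry}, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    return f"{header}.{payload}.{_sign(signing_input)}", expiry

def revoke_token(token: str) -> None:
    """What /logout does: the token must not reach protected endpoints again."""
    REVOKED.add(token)

def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims of a valid token, or None (the caller answers 401)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    # The algorithm is fixed and the header's "alg" is never trusted; the
    # constant-time compare avoids leaking how much of the signature matched.
    if not hmac.compare_digest(_sign(f"{header}.{payload}".encode()).encode(), sig.encode()):
        return None
    if token in REVOKED:
        return None
    claims = json.loads(_unb64(payload))  # signature verified, so this is our own payload
    return claims if claims.get("exp", 0) > now else None
```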