mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-10-19 13:50:15 -04:00
58f306a38c
Signed-off-by: David Mehren <git@herrmehren.de>
29 lines
864 B
Markdown
29 lines
864 B
Markdown
# API Authentication
|
|
|
|
## Public API
|
|
All requests to the public API require authentication using a [bearer token](https://datatracker.ietf.org/doc/html/rfc6750).
|
|
|
|
This token can be generated using the profile page in the frontend
|
|
(which in turn uses the private API to generate the token).
|
|
|
|
## Private API
|
|
|
|
The private API uses a session cookie to authenticate the user.
|
|
Sessions are handled using passport.js.
|
|
|
|
The backend hands out a new session token after the user has successfully authenticated
|
|
using one of the supported authentication methods:
|
|
|
|
- Username & Password (`local`)
|
|
- LDAP
|
|
- SAML
|
|
- OAuth2
|
|
- GitLab
|
|
- GitHub
|
|
- Facebook
|
|
- Twitter
|
|
- Dropbox
|
|
- Google
|
|
|
|
The `SessionGuard`, which is added to each (appropriate) controller method of the private API,
|
|
checks if the provided session is still valid and provides the controller method with the correct user.
|