* items semi complete
* updated items page to use snippet toggler and migrated endpoint docs to use it
* updated files page to use snippet toggler and migrated REST and GraphQL endpoint docs to it
* updated activity page to use snippet toggler and migrated REST and GraphQL endpoint doc to it
* updated collections page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* updated dashboards page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated extensions page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated fields page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated flows page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated folders page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated notifications page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated operations page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated panels page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated permissions page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated presets page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated relations page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated revisions page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated roles page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Made headlines consistent with the rest of the doc pages
* Updated server page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated settings page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated shares page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated translations page to use snippet togglers and migrated REST endpoint docs to them
* Updated users page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated utilities page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated webhooks page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated authentication page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* Updated Global Parameters page to use snippet togglers where there are adjacent REST and GraphQL Examples
* Added SDK code snippets to items page and made generic variables consistent
* Added SDK code snippets to files page and made generic variables consistent
* Few lang changes for files page
* Added SDK code snippets to activity page and made generic variables consistent
* Added SDK code snippets to collections page and made generic variables consistent
* Added SDK code snippets to dashboards page and made generic variables consistent
* removed query word from query parameter objects
* Added SDK code snippets to fields page and made generic variables consistent
* SnippetToggler border
* Used dynamic border color for snippettoggler heading
* Spacing top and bottom of snippet toggler in docs
* Removed extra HRs
* Remove manual TOC in query reference
* Small code styling change in items page
* Updated users page to use snippet togglers and migrated REST and GraphQL endpoint docs to them
* dashboards fixed up property names
* Small copy update on extensions page
* Updated keys in delete mult notifications REST
* Updated keys in operations
* Update keys in panel delete many
* Update keys in permissions
* Added quotes around generic example ID strings
* Added code formatting to final example in share public info
* Format files
* Refined sidebar
* Insert newline before ending template tags
* Fixed extra closing tags, causing an error, in users ref
* Text Formatting Users
* Put GQL related notes inside toggler
* Added SDK code snippets to flows page and made generic variables consistent
* Added SDK code snippets to folder page and made generic variables consistent
* fixing whitespace for flows and folders page
* Consistent newlines in SnippetToggler usages
* Run prettier
* Fix 'alwaysDark' definition
* Home page snippet toggler style fixes
* Fix snippet toggler lang hover color in light mode
* Introduce different code theme for light mode
* Added SDK code snippets to notifications page and made generic variables consistent
* Switch to 'material-theme-lighter'
* Format file
* Fix tip
* Fix tip in sdk ref
* Consistent spacing for custom containers
* Added SDK code snippets to operations page and made generic variables consistent
* Lint & format code blocks
* Lint & format operations
* Added SDK code snippets to panels page and made generic variables consistent
* Added SDK code snippets to permissions page and made generic variables consistent
* Added SDK code snippets to presets page and made generic variables consistent
* Added SDK code snippets to relations page and made generic variables consistent
* Added SDK code snippets to revisions page and made generic variables consistent
* Added SDK code snippets to roles page and made generic variables consistent
* Added SDK code snippets to server page and made generic variables consistent
* Added SDK code snippets to settings page and made generic variables consistent
* app_url -> directus_project_url
* Omitted auth details in delete multiple files
* Added quotes to values in roles
* Upload a file snippets
* Pluralization for upload/import files
* More files functions typos
* Added SDK code snippets to shares page (still missing createShare(s) as endpoint not functioning currently) and made generic variables consistent
* Added SDK code snippets to translations page (missing delete endpoints because not working) and made generic variables consistent
* Added SDK code snippets to users page and made generic variables consistent
* Added SDK code snippets to webhooks page and made generic variables consistent
* Added SDK code snippets to utilities page (except cleaning cache, will be tested and added in later commit) and made generic variables consistent
* Added SDK code snippets to auth page (not login, refresh, and logout though due to errors)
* Added SDK code snippets for utilsExport and clearCache
* added github username be7DOTis to contributors
* Omit auth commands in updateComment
* utilsImport
* rename app_url generic value
* changed instances of updated*operation* to update*Operation*
* missed some 'updated' changes
* Added SDK Snippets to Query Parameters page
* Add section on file security
* added create(s)Shares SDK snippet to shares page
* added console.log to create snippets
* Added delete(s)Webhook SDK snippet to webhooks page
* Added SDK snippets to extensions page
* Added create/updateSingleton section to items page
* Links in files security
* Added SDK Snippets to Schema page
* Added GQL Generic examples to snippet togglers and removed snippet toggler from Login Using SSO Providers
* Added create(s)Presets SDK Snippets to presets page
* replaced fields query in generics snippets for a more generic
* replaced fields query in generics snippets for a more generic
* Use storage value only if valid choice
* Sync snippet togglers across page
* Update docs/reference/system/activity.md
* Update docs/reference/system/activity.md
* Update docs/reference/system/extensions.md
* Update docs/reference/system/revisions.md
* Update docs/reference/system/settings.md
* Update docs/reference/system/revisions.md
* Update docs/reference/system/settings.md
* Update docs/reference/system/activity.md
* Update docs/reference/system/roles.md
* Update docs/reference/system/roles.md
* Update docs/reference/system/roles.md
* Update docs/reference/system/roles.md
* Update docs/reference/system/schema.md
* Update docs/reference/system/server.md
* Update docs/reference/system/shares.md
* Replace all directus_project_url placeholders
* Revert "Sync snippet togglers across page"
This reverts commit 8b36f0d778.
* Update docs/reference/system/shares.md
* Update docs/reference/system/webhooks.md
* Clarify singleton section
* Consistent newlines between SnippetToggler templates
* Format files
* Remove console.log(result) statements from snippet
* Add examples for shares & users
Co-authored-by: Brainslug <tim@brainslug.nl>
* Fix hash GraphQL example
* Clarify update singleton section
* Add auth examples
Co-authored-by: Brainslug <tim@brainslug.nl>
* Final run on consistent newlines between SnippetToggler
* Switch to github themes
* The "Last One"
Co-authored-by: Brainslug <tim@brainslug.nl>
* The "Big One"
* Fix dead links
---------
Co-authored-by: Bevis Halsey-Perry <hi@be7.is>
Co-authored-by: Kevin Lewis <kvn@lws.io>
Co-authored-by: Pascal Jufer <pascal-jufer@bluewin.ch>
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
Co-authored-by: rijkvanzanten <rijkvanzanten@me.com>
Co-authored-by: Brainslug <tim@brainslug.nl>
| description | readTime | pageClass |
|---|---|---|
| API documentation on authentication in Directus. | 5 min read | page-reference |
# Authentication

All data within the platform is private by default. The public role can be configured to expose data without authentication, or you can pass an access token to the API to access private data.

## Access Tokens

There are two types of tokens that can be used to authenticate within Directus.

**Temporary Tokens (JWT)** are returned by the login endpoint/mutation. These tokens have a relatively short expiration time, and are thus the most secure option to use. The tokens are returned with a `refresh_token` that can be used to retrieve a new access token via the refresh endpoint/mutation.

**Static Tokens** can be set for each platform user, and never expire. They are less secure, but quite useful for server-to-server communication. They are saved as plain text within `directus_users.token`.

Once you have your access token, there are two ways to pass it to the API: via the `access_token` query parameter, or in the request's Authorization header.

### Query Parameter

```
?access_token=<token>
```

### Authorization Header

```
Authorization: Bearer <token>
```
## Login

Retrieve a temporary access token and refresh token.

### Request

`POST /auth/login`

`POST /auth/login/:provider`

```json
{
	"email": "user_email",
	"password": "user_password"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_login(email: "user_email", password: "user_password") {
		access_token
		refresh_token
	}
}
```

```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, login } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// login using the authentication composable
const result = await client.login('email', 'password');

// login http request (alternative to the call above)
const requestResult = await client.request(login('email', 'password'));
```

#### Request Body

- `email` **Required**: Email address of the user you're retrieving the access token for.
- `password` **Required**: Password of the user.
- `otp`: The user's one-time-password (if MFA is enabled).
- `mode`: Whether to retrieve the refresh token in the JSON response, or in an httpOnly secure cookie. One of `json`, `cookie`. Defaults to `json`.

### Response

- `access_token` **string**: Temporary access token to be used in follow-up requests.
- `expires` **integer**: How long before the access token will expire. Value is in milliseconds.
- `refresh_token` **string**: The token that can be used to retrieve a new access token through `/auth/refresh`. Note: if you used `cookie` as the mode in the request, the refresh token won't be returned in the JSON.

::: tip Expiry time

The token's expiration time can be configured through the `ACCESS_TOKEN_TTL` environment variable.

:::

### Example

`POST /auth/login`

`POST /auth/login/:provider`

```json
{
	"email": "admin@example.com",
	"password": "d1r3ctu5"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_login(email: "admin@example.com", password: "d1r3ctu5") {
		access_token
		refresh_token
	}
}
```

```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, login } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// login using the authentication composable
const result = await client.login('admin@example.com', 'd1r3ctu5');

// login http request (alternative to the call above)
const requestResult = await client.request(login('admin@example.com', 'd1r3ctu5'));
```
## Refresh

Retrieve a new access token using a refresh token.

### Request

`POST /auth/refresh`

```json
{
	"refresh_token": "gmPd...8wuB",
	"mode": "json"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_refresh(refresh_token: "abc...def", mode: json) {
		access_token
		refresh_token
	}
}
```

```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, refresh } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// refresh using the authentication composable
const result = await client.refresh();

// refresh http request (alternative to the call above)
const requestResult = await client.request(refresh('refresh_token'));
```

#### Request Body

- `refresh_token`: The refresh token to use. If you have the refresh token in a cookie through `/auth/login`, you don't have to submit it here.
- `mode`: Whether to retrieve the refresh token in the JSON response, or in an httpOnly secure cookie. One of `json`, `cookie`.

### Response

- `access_token` **string**: Temporary access token to be used in follow-up requests.
- `expires` **integer**: How long before the access token will expire. Value is in milliseconds.
- `refresh_token` **string**: The token that can be used to retrieve a new access token through `/auth/refresh`. Note: if you used `cookie` as the mode in the request, the refresh token won't be returned in the JSON.

### Example

`POST /auth/refresh`

```json
{
	"refresh_token": "gmPd...8wuB",
	"mode": "json"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_refresh(refresh_token: "abc...def", mode: json) {
		access_token
		refresh_token
	}
}
```

```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, refresh } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// refresh using the authentication composable
const result = await client.refresh();

// refresh http request (alternative to the call above)
const requestResult = await client.request(refresh('gmPd...8wuB'));
```
## Logout

Invalidate the refresh token, thus destroying the user's session.

### Request

`POST /auth/logout`

```json
{
	"refresh_token": "refresh_token"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_logout(refresh_token: "refresh_token")
}
```

```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, logout } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// logout using the authentication composable
const result = await client.logout();

// logout http request (alternative to the call above)
const requestResult = await client.request(logout('refresh_token'));
```

#### Request Body

- `refresh_token`: The refresh token to invalidate. If you have the refresh token in a cookie through `/auth/login`, you don't have to submit it here.

### Example

`POST /auth/logout`

```json
{
	"refresh_token": "gmPd...8wuB"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_logout(refresh_token: "gmPd...8wuB")
}
```

```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, logout } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// logout using the authentication composable
const result = await client.logout();

// logout http request (alternative to the call above)
const requestResult = await client.request(logout('gmPd...8wuB'));
```
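The login, refresh and logout endpoints above combine into one session lifecycle. The following is an added example, not code from Directus or its SDK: it tracks the `expires` lifetime as a deadline, refreshes shortly before it, sends the access token only in the Authorization header, and invalidates the refresh token on logout. The `send` transport, `createSession`, `fakeServer`, the 30-second margin and the `{ data: ... }` response envelope are assumptions of this sketch.

```javascript
// Added example, not Directus code. `send` is a hypothetical transport:
// (method, path, headers, body) => Promise resolving to the parsed JSON body.
const REFRESH_MARGIN_MS = 30000; // assumption: refresh 30 s before expiry

function createSession(send, now = Date.now) {
  let accessToken = null;
  let refreshToken = null;
  let expiresAt = 0;

  // Login and refresh answer { data: { access_token, expires, refresh_token } }.
  // `expires` is a lifetime in milliseconds, so turn it into a deadline.
  function store({ data }) {
    accessToken = data.access_token;
    refreshToken = data.refresh_token;
    expiresAt = now() + data.expires;
  }

  async function login(email, password, otp) {
    const body = { email, password, mode: 'json' };
    if (otp) body.otp = otp; // only needed when MFA is enabled
    store(await send('POST', '/auth/login', {}, body));
  }

  async function refresh() {
    if (!refreshToken) throw new Error('not logged in');
    const body = { refresh_token: refreshToken, mode: 'json' };
    store(await send('POST', '/auth/refresh', {}, body)); // keep the returned refresh_token
  }

  async function request(method, path, body) {
    if (!accessToken) throw new Error('not logged in');
    if (now() >= expiresAt - REFRESH_MARGIN_MS) await refresh();
    // Authorization header rather than ?access_token=, so the token stays out of the URL.
    return send(method, path, { Authorization: `Bearer ${accessToken}` }, body);
  }

  async function logout() {
    const token = refreshToken;
    accessToken = refreshToken = null; // drop local copies even if the call fails
    expiresAt = 0;
    if (token) await send('POST', '/auth/logout', {}, { refresh_token: token });
  }

  return { login, refresh, request, logout };
}

// Constructed stand-in for a Directus server so the example runs offline.
function fakeServer(ttlMs = 900000) {
  const calls = [];
  let n = 0;
  const send = async (method, path, headers, body) => {
    calls.push({ method, path, headers, body });
    if (path !== '/auth/login' && path !== '/auth/refresh') return { data: null };
    n += 1;
    return { data: { access_token: `access-${n}`, expires: ttlMs, refresh_token: `refresh-${n}` } };
  };
  return { send, calls };
}
```

In a real client, `send` would wrap `fetch` against the project URL; the constructed `fakeServer` only records calls so the refresh and logout behaviour can be checked without a network.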
## Request Password Reset

Request a password reset email to be sent to the given user.

### Request

`POST /auth/password/request`

```json
{
	"email": "user_email"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_password_request(email: "user_email")
}
```

```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordRequest } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(passwordRequest('user_email'));
```

#### Request Body

- `email` **Required**: Email address of the user you're requesting a password reset for.
- `reset_url`: Provide a custom reset URL which the link in the email will lead to. The reset token will be passed as a parameter. Note: You need to configure the `PASSWORD_RESET_URL_ALLOW_LIST` environment variable to enable this feature.

### Example

`POST /auth/password/request`

```json
{
	"email": "admin@example.com"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_password_request(email: "admin@example.com")
}
```

```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordRequest } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(passwordRequest('admin@example.com'));
```
## Reset a Password

The Request Password Reset endpoint sends an email with a link to the admin app (or a custom route), which in turn uses this endpoint to allow the user to reset their password.

### Request

`POST /auth/password/reset`

```json
{
	"token": "password_reset_token",
	"password": "password"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_password_reset(token: "password_reset_token", password: "password")
}
```

```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordReset } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(passwordReset('reset_token', 'new_password'));
```

#### Request Body

- `token` **Required**: Password reset token, as provided in the email sent by the request endpoint.
- `password` **Required**: New password for the user.

### Example

`POST /auth/password/reset`

```json
{
	"token": "eyJh...KmUk",
	"password": "d1r3ctu5"
}
```

`POST /graphql/system`

```graphql
mutation {
	auth_password_reset(token: "eyJh...KmUk", password: "d1r3ctu5")
}
```

```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordReset } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(passwordReset('reset_token', 'new_password'));
```
## List Auth Providers

List all the configured auth providers.

::: tip Configuring auth providers

To learn more about setting up auth providers, see Configuring auth providers.

:::

### Request

`GET /auth`

```json
{
	"data": [
		{
			"name": "GitHub",
			"driver": "oauth2",
			"icon": "github"
		},
		{
			"name": "Google",
			"driver": "openid",
			"icon": "google"
		},
		{
			"name": "Okta",
			"driver": "openid"
		}
	],
	"disableDefault": false
}
```

```js
import { createDirectus } from '@directus/sdk';
import { rest, readProviders } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(readProviders());
```

### Response

- `data` **Array**: Array of configured auth providers.
- `disableDefault` **boolean**: Whether or not the default authentication provider is disabled.

### Example

`GET /auth`

```json
{
	"data": [
		{
			"name": "GitHub",
			"driver": "oauth2",
			"icon": "github"
		},
		{
			"name": "Google",
			"driver": "openid",
			"icon": "google"
		},
		{
			"name": "Okta",
			"driver": "openid"
		}
	],
	"disableDefault": false
}
```

```js
import { createDirectus } from '@directus/sdk';
import { rest, readProviders } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(readProviders());
```
## Login Using SSO Providers

Redirects to the configured SSO provider for the user to log in.

### Request

`GET /auth/login/:provider`