Files
directus/docs/reference/authentication.md
Bevis Halsey-Perry 0c54f5a9ef Introduce SnippetToggler and New SDK Reference (#19110)
* items semi complete

* updated items page to use snippet toggler and migrated endpoint docs to use it

* updated files page to use snippet toggler and migrated REST and GraphQL endpoint docs to it

* updated activity page to use snippet toggler and migrated REST and GraphQL endpoint doc to it

* updated collections page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* updated dashboards page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated extensions page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated fields page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated flows page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated folders page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated notifications page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated operations page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated panels page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated permissions page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated presets page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated relations page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated revisions page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated roles page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Made headlines consistent with the rest of the doc pages

* Updated server page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated settings page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated shares page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated translations page to use snippet togglers and migrated REST endpoint docs to them

* Updated users page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated utilities page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated webhooks page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated authentication page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* Updated Global Parameters page to use snippet togglers where there are adjacent REST and GraphQL Examples

* Added SDK code snippets to items page and made generic variables consistent

* Added SDK code snippets to files page and made generic variables consistent

* Few lang changes for files page

* Added SDK code snippets to activity page and made generic variables consistent

* Added SDK code snippets to collections page and made generic variables consistent

* Added SDK code snippets to dashboards page and made generic variables consistent

* removed query word from query parameter objects

* Added SDK code snippets to fields page and made generic variables consistent

* SnippetToggler border

* Used dynamic border color for snippettoggler heading

* Spacing top and bottom of snippet toggler in docs

* Removed extra HRs

* Remove manual TOC in query reference

* Small code styling change in items page

* Updated users page to use snippet togglers and migrated REST and GraphQL endpoint docs to them

* dashboards fixed up property names

* Small copy update on extensions page

* Updated keys in delete mult notifications REST

* Updated keys in operations

* Update keys in panel delete many

* Update keys in permissions

* Added quotes around generic example ID strings

* Added code formatting to final example in share public info

* Format files

* Refined sidebar

* Insert newline before ending template tags

* Fixed extra closing tags, causing an error, in users ref

* Text Formatting Users

* Put GQL related notes inside toggler

* Added SDK code snippets to flows page and made generic variables consistent

* Added SDK code snippets to folder page and made generic variables consistent

* fixing whitespace for flows and folders page

* Consistent newlines in SnippetToggler usages

* Run prettier

* Fix 'alwaysDark' definition

* Home page snippet toggler style fixes

* Fix snippet toggler lang hover color in light mode

* Introduce different code theme for light mode

* Added SDK code snippets to notifications page and made generic variables consistent

* Switch to 'material-theme-lighter'

* Format file

* Fix tip

* Fix tip in sdk ref

* Consistent spacing for custom containers

* Added SDK code snippets to operations page and made generic variables consistent

* Lint & format code blocks

* Lint & format operations

* Added SDK code snippets to panels page and made generic variables consistent

* Added SDK code snippets to permissions page and made generic variables consistent

* Added SDK code snippets to presets page and made generic variables consistent

* Added SDK code snippets to relations page and made generic variables consistent

* Added SDK code snippets to revisions page and made generic variables consistent

* Added SDK code snippets to roles page and made generic variables consistent

* Added SDK code snippets to server page and made generic variables consistent

* Added SDK code snippets to settings page and made generic variables consistent

* app_url -> directus_project_url

* Omitted auth details in delete multiple files

* Added quotes to values in roles

* Upload a file snippets

* Pluralization for upload/import files

* More files functions typos

* Added SDK code snippets to shares page (still missing createShare(s) as endpoint not functioning currently) and made generic variables consistent

* Added SDK code snippets to translations page (missing delete endpoints because not working) and made generic variables consistent

* Added SDK code snippets to users page and made generic variables consistent

* Added SDK code snippets to webhooks page and made generic variables consistent

* Added SDK code snippets to utilities page (except cleaning cache, will be tested and added in later commit) and made generic variables consistent

* Added SDK code snippets to auth page (not login, refresh, and logout though due to errors)

* Added SDK code snippets for utilsExport and clearCache

* added github username be7DOTis to contributors

* Omit auth commands in updateComment

* utilsImport

* rename app_url generic value

* changed instances of updated*operation* to update*Operation*

* missed some 'updated' changes

* Added SDK Snippets to Query Parameters page

* Add section on file security

* added create(s)Shares SDK snippet to shares page

* added console.log to create snippets

* Added delete(s)Webhook SDK snippet to webhooks page

* Added SDK snippets to extensions page

* Added create/updateSingleton section to items page

* Links in files security

* Added SDK Snippets to Schema page

* Added GQL Generic examples to snippet togglers and removed snippet toggler from Login Using SSO Providers

* Added create(s)Presets SDK Snippets to presets page

* replaced fields query in generics snippets for a more generic

* replaced fields query in generics snippets for a more generic

* Use storage value only if valid choice

* Sync snippet togglers across page

* Update docs/reference/system/activity.md

* Update docs/reference/system/activity.md

* Update docs/reference/system/extensions.md

* Update docs/reference/system/revisions.md

* Update docs/reference/system/settings.md

* Update docs/reference/system/revisions.md

* Update docs/reference/system/settings.md

* Update docs/reference/system/activity.md

* Update docs/reference/system/roles.md

* Update docs/reference/system/roles.md

* Update docs/reference/system/roles.md

* Update docs/reference/system/roles.md

* Update docs/reference/system/schema.md

* Update docs/reference/system/server.md

* Update docs/reference/system/shares.md

* Replace all directus_project_url placeholders

* Revert "Sync snippet togglers across page"

This reverts commit 8b36f0d778.

* Update docs/reference/system/shares.md

* Update docs/reference/system/webhooks.md

* Clarify singleton section

* Consistent newlines between SnippetToggler templates

* Format files

* Remove console.log(result) statements from snippet

* Add examples for shares & users

Co-authored-by: Brainslug <tim@brainslug.nl>

* Fix hash GraphQL example

* Clarify update singleton section

* Add auth examples

Co-authored-by: Brainslug <tim@brainslug.nl>

* Final run on consistent newlines between SnippetToggler

* Switch to github themes

* The "Last One"

Co-authored-by: Brainslug <tim@brainslug.nl>

* The "Big One"

* Fix dead links

---------

Co-authored-by: Bevis Halsey-Perry <hi@be7.is>
Co-authored-by: Kevin Lewis <kvn@lws.io>
Co-authored-by: Pascal Jufer <pascal-jufer@bluewin.ch>
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
Co-authored-by: rijkvanzanten <rijkvanzanten@me.com>
Co-authored-by: Brainslug <tim@brainslug.nl>
2023-07-25 17:30:37 -04:00

697 lines
14 KiB
Markdown

---
description: API documentation on authentication in Directus.
readTime: 5 min read
pageClass: page-reference
---
# Authentication
> All data within the platform is private by default. The
> [public role](/user-guide/user-management/users-roles-permissions#configure-permissions) can be configured to expose
> data without authentication, or you can pass an access token to the API to access private data.
## Access Tokens

There are two types of tokens that can be used to authenticate within Directus.

**Temporary Tokens (JWT)** are returned by the [login](#login) endpoint/mutation. These tokens have a relatively short
expiration time, and are thus the most secure option to use. They are returned together with a `refresh_token` that can be
used to retrieve a new access token via the [refresh](#refresh) endpoint/mutation.

**Static Tokens** can be set for each platform user, and never expire. They are less secure, but quite useful for
server-to-server communication. They are saved as plain-text within `directus_users.token`, so anyone with read access to
that table, or to a database backup, can use them as that user; treat them like passwords.

Once you have your access token, there are two ways to pass it to the API: via the `access_token` query parameter, or in
the request's Authorization Header. Prefer the header where you can: query strings are routinely written to web server,
reverse proxy and browser history logs, so a token in the URL is far more likely to leak than one in a header.
### Query Parameter
```
?access_token=<token>
```
### Authorization Header
```
Authorization: Bearer <token>
```
## Login
Retrieve a temporary access token and refresh token.
### Request
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/login`
`POST /auth/login/:provider`
```json
{
"email": "user_email",
"password": "user_password"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_login(email: "user_email", password: "user_password") {
access_token
refresh_token
}
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, login } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// login using the authentication composable
const result = await client.login('email', 'password');

// or: login http request
const response = await client.request(login('email', 'password'));
```
</template>
</SnippetToggler>
#### Request Body

`email` **Required**\
Email address of the user you're retrieving the access token for.

`password` **Required**\
Password of the user.

`otp`\
The user's one-time password (if MFA is enabled).

`mode`\
Whether to retrieve the refresh token in the JSON response, or in a `httpOnly` `secure` cookie. One of `json`, `cookie`.
Defaults to `json`.
### Response

`access_token` **string**\
Temporary access token to be used in follow-up requests.

`expires` **integer**\
How long before the access token will expire. Value is in milliseconds.

`refresh_token` **string**\
The token that can be used to retrieve a new access token through [`/auth/refresh`](#refresh). Note: if you used `cookie`
as the mode in the request, the refresh token won't be returned in the JSON.
::: tip Expiry time
The token's expiration time can be configured through
[the `ACCESS_TOKEN_TTL` environment variable](/self-hosted/config-options#general).
:::
### Example
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/login`
`POST /auth/login/:provider`
```json
{
"email": "admin@example.com",
"password": "d1r3ctu5"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_login(email: "admin@example.com", password: "d1r3ctu5") {
access_token
refresh_token
}
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, login } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// login using the authentication composable
const result = await client.login('admin@example.com', 'd1r3ctu5');

// or: login http request
const response = await client.request(login('admin@example.com', 'd1r3ctu5'));
```
</template>
</SnippetToggler>
## Refresh
Retrieve a new access token using a refresh token. The response also carries a new `refresh_token`; store it in place of the
one you submitted.
### Request
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/refresh`
```json
{
"refresh_token": "gmPd...8wuB",
"mode": "json"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_refresh(refresh_token: "abc...def", mode: json) {
access_token
refresh_token
}
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, refresh } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// refresh using the authentication composable
const result = await client.refresh();

// or: refresh http request
const response = await client.request(refresh('refresh_token'));
```
</template>
</SnippetToggler>
#### Request Body

`refresh_token`\
The refresh token to use. If you have the refresh token in a cookie through [`/auth/login`](#login), you don't have to submit
it here.

`mode`\
Whether to retrieve the refresh token in the JSON response, or in a `httpOnly` `secure` cookie. One of `json`, `cookie`.
### Response

`access_token` **string**\
Temporary access token to be used in follow-up requests.

`expires` **integer**\
How long before the access token will expire. Value is in milliseconds.

`refresh_token` **string**\
The token that can be used to retrieve a new access token through [`/auth/refresh`](#refresh). Note: if you used `cookie`
as the mode in the request, the refresh token won't be returned in the JSON.
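The login and refresh calls described above, together with the logout call documented below, combined into one client-side session helper. This is an added example written for this page, not code from Directus or its SDK; it talks to the REST endpoints with `fetch()`, converts the millisecond `expires` value into an absolute deadline, refreshes shortly before that deadline, sends the token in the `Authorization` header rather than the query string, and keeps the rotated `refresh_token`. The `fetchImpl` and `now` parameters, the 30-second refresh margin and the server URL are assumptions introduced for the example so that the flow can be exercised offline against a fake fetch.

```javascript
// Added example, not Directus project code: a minimal session helper for the
// /auth/login, /auth/refresh and /auth/logout endpoints documented on this page.
// Assumptions not taken from the page: the `fetchImpl` and `now` parameters
// (injected so the flow can run offline against a fake fetch), the 30 s refresh
// margin, and the example server URL.

const REFRESH_MARGIN_MS = 30000; // assumed margin: refresh shortly before expiry

function createSession(baseUrl, fetchImpl = globalThis.fetch, now = () => Date.now()) {
  let accessToken = null;
  let refreshToken = null;
  let expiresAt = 0; // epoch ms at which the current access token stops being accepted

  // POST a JSON body to an auth endpoint and return the unwrapped `data` object.
  async function post(path, body) {
    const res = await fetchImpl(`${baseUrl}${path}`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(body),
    });
    if (!res.ok) throw new Error(`${path} failed with HTTP ${res.status}`);
    if (res.status === 204) return null; // logout returns no body
    return (await res.json()).data;
  }

  // Record a login/refresh response. `expires` is a duration in milliseconds,
  // so it is converted to an absolute deadline here.
  function store(data) {
    accessToken = data.access_token;
    // In cookie mode the refresh token is not in the JSON; keep what we have.
    if (data.refresh_token) refreshToken = data.refresh_token;
    expiresAt = now() + data.expires;
  }

  async function login(email, password, otp) {
    const body = { email, password, mode: 'json' };
    if (otp) body.otp = otp; // only when MFA is enabled for the user
    store(await post('/auth/login', body));
  }

  function needsRefresh() {
    return now() >= expiresAt - REFRESH_MARGIN_MS;
  }

  // Exchange the stored refresh token for a new token pair. The response carries
  // a new refresh_token, which replaces the one just submitted.
  async function refresh() {
    if (!refreshToken) throw new Error('no refresh token; log in first');
    store(await post('/auth/refresh', { refresh_token: refreshToken, mode: 'json' }));
  }

  // Headers for an authenticated API call. The token goes in the Authorization
  // header rather than the access_token query parameter so it stays out of URL logs.
  async function authHeaders() {
    if (!accessToken) throw new Error('not logged in');
    if (needsRefresh()) await refresh();
    return { Authorization: `Bearer ${accessToken}` };
  }

  // Invalidate the refresh token server-side. The access token is a signed JWT that
  // the server does not revoke, so it is only dropped locally here and remains
  // technically usable until `expiresAt`.
  async function logout() {
    await post('/auth/logout', { refresh_token: refreshToken });
    accessToken = null;
    refreshToken = null;
    expiresAt = 0;
  }

  return {
    login,
    refresh,
    logout,
    authHeaders,
    needsRefresh,
    tokens: () => ({ accessToken, refreshToken, expiresAt }),
  };
}
```

Call `authHeaders()` immediately before each API request rather than caching its result: that is what lets the helper refresh transparently when the deadline is near, and it means a `logout()` in another code path is respected because the next call fails instead of sending a token the application has already abandoned.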
### Example
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/refresh`
```json
{
"refresh_token": "gmPd...8wuB",
"mode": "json"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_refresh(refresh_token: "abc...def", mode: json) {
access_token
refresh_token
}
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, refresh } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// refresh using the authentication composable
const result = await client.refresh();

// or: refresh http request
const response = await client.request(refresh('gmPd...8wuB'));
```
</template>
</SnippetToggler>
## Logout
Invalidate the refresh token, thus destroying the user's session. Only the refresh token is revoked: the access token is a
signed JWT that the server does not track, so it stays valid until it expires. Keep
[`ACCESS_TOKEN_TTL`](/self-hosted/config-options#general) short to limit that window, and discard the access token on the
client as part of logging out.
### Request
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/logout`
```json
{
"refresh_token": "refresh_token"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_logout(refresh_token: "refresh_token")
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, logout } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// logout using the authentication composable
const result = await client.logout();

// or: logout http request
const response = await client.request(logout('refresh_token'));
```
</template>
</SnippetToggler>
#### Request Body
`refresh_token`\
The refresh token to invalidate. If you have the refresh token in a cookie through [`/auth/login`](#login), you don't have
to submit it here.
### Example
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/logout`
```json
{
"refresh_token": "gmPd...8wuB"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_logout(refresh_token: "gmPd...8wuB")
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { authentication } from '@directus/sdk/authentication';
import { rest, logout } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(authentication()).with(rest());

// logout using the authentication composable
const result = await client.logout();

// or: logout http request
const response = await client.request(logout('gmPd...8wuB'));
```
</template>
</SnippetToggler>
## Request Password Reset
Request a password reset email to be sent to the given user.
### Request
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/password/request`
```json
{
"email": "user_email"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_password_request(email: "user_email")
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordRequest } from '@directus/sdk/rest';
const client = createDirectus('https://directus.example.com').with(rest());
const result = await client.request(passwordRequest('user_email'));
```
</template>
</SnippetToggler>
#### Request Body

`email` **Required**\
Email address of the user you're requesting a password reset for.

`reset_url`\
Provide a custom reset URL which the link in the email will lead to. The reset token will be appended as the `token` query
parameter.\
**Note**: You need to add the URL to the
[`PASSWORD_RESET_URL_ALLOW_LIST` environment variable](/self-hosted/config-options#security) to enable this feature. The
allow-list is what stops a caller from pointing another user's reset link at a host they control and collecting the token.
### Example
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/password/request`
```json
{
"email": "admin@example.com"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_password_request(email: "admin@example.com")
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordRequest } from '@directus/sdk/rest';
const client = createDirectus('https://directus.example.com').with(rest());
const result = await client.request(passwordRequest('admin@example.com'));
```
</template>
</SnippetToggler>
## Reset a Password
The [request password reset](#request-password-reset) endpoint sends an email with a link to the admin app (or to the custom
`reset_url`); that page in turn calls this endpoint with the token from the link so the user can set a new password.
### Request
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/password/reset`
```json
{
"token": "password_reset_token",
"password": "password"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_password_reset(token: "password_reset_token", password: "password")
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordReset } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(passwordReset('password_reset_token', 'password'));
```
</template>
</SnippetToggler>
#### Request Body

`token` **Required**\
Password reset token, as provided in the email sent by the request endpoint.

`password` **Required**\
New password for the user.
### Example
<SnippetToggler :choices="['REST', 'GraphQL', 'SDK']" label="API">
<template #rest>
`POST /auth/password/reset`
```json
{
"token": "eyJh...KmUk",
"password": "d1r3ctu5"
}
```
</template>
<template #graphql>
`POST /graphql/system`
```graphql
mutation {
auth_password_reset(token: "eyJh...KmUk", password: "d1r3ctu5")
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { rest, passwordReset } from '@directus/sdk/rest';

const client = createDirectus('https://directus.example.com').with(rest());

const result = await client.request(passwordReset('eyJh...KmUk', 'd1r3ctu5'));
```
</template>
</SnippetToggler>
## List Auth Providers
List all the configured auth providers.
::: tip Configuring auth providers
To learn more about setting up auth providers, see
[Configuring auth providers](/self-hosted/config-options#authentication).
:::
### Request
<SnippetToggler :choices="['REST', 'SDK']" label="API">
<template #rest>
`GET /auth`

This endpoint takes no request body; see the example below for the shape of the response.
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { rest, readProviders } from '@directus/sdk/rest';
const client = createDirectus('https://directus.example.com').with(rest());
const result = await client.request(readProviders());
```
</template>
</SnippetToggler>
### Response

`data` **Array**\
Array of configured auth providers.

`disableDefault` **boolean**\
Whether or not the default authentication provider is disabled.
### Example
<SnippetToggler :choices="['REST', 'SDK']" label="API">
<template #rest>
`GET /auth`
```json
{
"data": [
{
"name": "GitHub",
"driver": "oauth2",
"icon": "github"
},
{
"name": "Google",
"driver": "openid",
"icon": "google"
},
{
"name": "Okta",
"driver": "openid"
}
],
"disableDefault": false
}
```
</template>
<template #sdk>
```js
import { createDirectus } from '@directus/sdk';
import { rest, readProviders } from '@directus/sdk/rest';
const client = createDirectus('https://directus.example.com').with(rest());
const result = await client.request(readProviders());
```
</template>
</SnippetToggler>
## Login Using SSO Providers
Redirects the user to the configured SSO provider to log in.
### Request
```
GET /auth/login/:provider
```