|
1 | 1 | --- |
2 | 2 | title: Auth |
3 | | -description: Auth protocol schemas |
| 3 | +description: Auth protocol schemas and endpoints |
4 | 4 | --- |
5 | 5 |
|
6 | 6 | Authentication Service Protocol |
7 | 7 |
|
8 | 8 | Defines the standard API contracts for Identity, Session Management, |
9 | | - |
10 | 9 | and Access Control. |
11 | 10 |
|
12 | 11 | <Callout type="info"> |
13 | | -**Source:** `packages/spec/src/api/auth.zod.ts` |
| 12 | +**Source:** `packages/spec/src/api/auth.zod.ts`, `packages/spec/src/api/auth-endpoints.zod.ts` |
14 | 13 | </Callout> |
15 | 14 |
|
| 15 | +## Endpoints |
| 16 | + |
| 17 | +The authentication service uses [better-auth](https://www.better-auth.com/) endpoints as the canonical API contract. |
| 18 | +All endpoints are relative to the auth base path (default: `/api/v1/auth`). |
| 19 | + |
| 20 | +### Email/Password Authentication |
| 21 | + |
| 22 | +| Endpoint | Method | Path | Description | |
| 23 | +| :--- | :--- | :--- | :--- | |
| 24 | +| **Sign In** | `POST` | `/sign-in/email` | Sign in with email and password | |
| 25 | +| **Sign Up** | `POST` | `/sign-up/email` | Register new user with email and password | |
| 26 | +| **Sign Out** | `POST` | `/sign-out` | Sign out current user | |
| 27 | + |
| 28 | +### Session Management |
| 29 | + |
| 30 | +| Endpoint | Method | Path | Description | |
| 31 | +| :--- | :--- | :--- | :--- | |
| 32 | +| **Get Session** | `GET` | `/get-session` | Get current user session | |
| 33 | + |
| 34 | +### Password Management |
| 35 | + |
| 36 | +| Endpoint | Method | Path | Description | |
| 37 | +| :--- | :--- | :--- | :--- | |
| 38 | +| **Forget Password** | `POST` | `/forget-password` | Request password reset email | |
| 39 | +| **Reset Password** | `POST` | `/reset-password` | Reset password with token | |
| 40 | + |
| 41 | +### Email Verification |
| 42 | + |
| 43 | +| Endpoint | Method | Path | Description | |
| 44 | +| :--- | :--- | :--- | :--- | |
| 45 | +| **Send Verification** | `POST` | `/send-verification-email` | Send email verification link | |
| 46 | +| **Verify Email** | `GET` | `/verify-email` | Verify email with token | |
| 47 | + |
| 48 | +### OAuth (when providers configured) |
| 49 | + |
| 50 | +| Endpoint | Method | Path | Description | |
| 51 | +| :--- | :--- | :--- | :--- | |
| 52 | +| **Authorize** | `GET` | `/authorize/:provider` | Start OAuth flow | |
| 53 | +| **Callback** | `GET` | `/callback/:provider` | OAuth callback | |
| 54 | + |
| 55 | +### 2FA (when enabled) |
| 56 | + |
| 57 | +| Endpoint | Method | Path | Description | |
| 58 | +| :--- | :--- | :--- | :--- | |
| 59 | +| **Enable 2FA** | `POST` | `/two-factor/enable` | Enable two-factor authentication | |
| 60 | +| **Verify 2FA** | `POST` | `/two-factor/verify` | Verify 2FA code | |
| 61 | + |
| 62 | +### Passkeys (when enabled) |
| 63 | + |
| 64 | +| Endpoint | Method | Path | Description | |
| 65 | +| :--- | :--- | :--- | :--- | |
| 66 | +| **Register Passkey** | `POST` | `/passkey/register` | Register a passkey | |
| 67 | +| **Authenticate** | `POST` | `/passkey/authenticate` | Authenticate with passkey | |
| 68 | + |
| 69 | +### Magic Links (when enabled) |
| 70 | + |
| 71 | +| Endpoint | Method | Path | Description | |
| 72 | +| :--- | :--- | :--- | :--- | |
| 73 | +| **Send Magic Link** | `POST` | `/magic-link/send` | Send magic link email | |
| 74 | +| **Verify Magic Link** | `GET` | `/magic-link/verify` | Verify magic link | |
| 75 | + |
| 76 | +## Usage Examples |
| 77 | + |
| 78 | +### Using the ObjectStack Client |
| 79 | + |
| 80 | +```typescript |
| 81 | +import { ObjectStackClient } from '@objectstack/client'; |
| 82 | + |
| 83 | +const client = new ObjectStackClient({ |
| 84 | + baseUrl: 'http://localhost:3000' |
| 85 | +}); |
| 86 | + |
| 87 | +// Register |
| 88 | +await client.auth.register({ |
| 89 | + email: 'user@example.com', |
| 90 | + password: 'SecurePassword123!', |
| 91 | + name: 'John Doe' |
| 92 | +}); |
| 93 | + |
| 94 | +// Login |
| 95 | +await client.auth.login({ |
| 96 | + type: 'email', |
| 97 | + email: 'user@example.com', |
| 98 | + password: 'SecurePassword123!' |
| 99 | +}); |
| 100 | + |
| 101 | +// Get session |
| 102 | +const session = await client.auth.me(); |
| 103 | + |
| 104 | +// Logout |
| 105 | +await client.auth.logout(); |
| 106 | +``` |
| 107 | + |
| 108 | +### Using Direct API Calls |
| 109 | + |
| 110 | +```bash |
| 111 | +# Register |
| 112 | +curl -X POST http://localhost:3000/api/v1/auth/sign-up/email \ |
| 113 | + -H "Content-Type: application/json" \ |
| 114 | + -d '{"email":"user@example.com","password":"SecurePassword123!","name":"John Doe"}' |
| 115 | + |
| 116 | +# Login |
| 117 | +curl -X POST http://localhost:3000/api/v1/auth/sign-in/email \ |
| 118 | + -H "Content-Type: application/json" \ |
| 119 | + -d '{"email":"user@example.com","password":"SecurePassword123!"}' |
| 120 | + |
| 121 | +# Get session |
| 122 | +curl http://localhost:3000/api/v1/auth/get-session \ |
| 123 | + -H "Authorization: Bearer YOUR_TOKEN" |
| 124 | + |
| 125 | +# Logout |
| 126 | +curl -X POST http://localhost:3000/api/v1/auth/sign-out \ |
| 127 | + -H "Authorization: Bearer YOUR_TOKEN" |
| 128 | +``` |
| 129 | + |
| 130 | +--- |
| 131 | + |
| 132 | +## Request/Response Schemas |
| 133 | + |
16 | 134 | ## TypeScript Usage |
17 | 135 |
|
18 | 136 | ```typescript |
|
0 commit comments