--- last_review: "2025-01-01" last_reviewer: "-" documented_code: [ ] --- ```{tags} how-to, administrator ``` # Authentication :::{note} This page has been migrated from the old documentation, and has not yet been fully revised. There might be inconsistencies or errors when using with current LinkAhead versions. ::: % TODO: Issue: https://gitlab.indiscale.com/caosdb/src/linkahead-docs/-/issues/90 % TODO: Split into How-To and Explanation Some features of LinkAhead are available to registered users only. Making any changes to the data via HTTP requires authentication. ## Sessions ### Login Authentication is done by `username` and `password`. They must be sent as form data with a POST request to the `/login/` resource: username: : The username, for example `admin` (on demo.indiscale.com). password: : The password, for example `caosdb` (on demo.indiscale.com). ### Logout The server does not invalidate AuthTokens. They invalidate after they expire or when the server is being restarted. The client should delete their AuthToken to 'logout'. However, in order to remove the AuthToken cookie from the browsers there is a convenient resource which will invalidate the cookie (not the AuthToken). Send `GET http://host:port/logout` and the server will return an empty AuthToken cookie which immediately expires. ### Example using `curl` (curl-login)= #### Login To use curl for talking with the server, first save your password into a variable: `PW=$(cat)` Then create a cookie in `cookie.txt` like this (note that this makes your password visible for a short time to everyone on your system: ```sh curl -X POST -c cookie.txt -D head.txt -d username= -d password="$PW" --insecure "https:///login ``` Now `cookie.txt` contains the required authentication token information in the `SessionToken` cookie (url-encoded json). ```{rubric} Example token content ``` ```json ["S","PAM","admin",[],[],1682509668825,3600000,"Z6J4B[...]-OQ","31d3a[...]ab2c10"] ``` #### Using the token To use the cookie, pass it on with later requests: ```sh curl -X GET -b cookie.txt --insecure "https:///Entity/123" ```