Authentication#
Note
This page has been migrated from the old documentation, and has not yet been fully revised. There might be inconsistencies or errors when using with current LinkAhead versions.
Some features of LinkAhead are available to registered users only. Making any changes to the data via HTTP requires authentication.
Sessions#
Login#
Authentication is done by username and password. They must be sent as form data with a POST
request to the /login/ resource:
- username:
The username, for example
admin(on demo.indiscale.com).- password:
The password, for example
caosdb(on demo.indiscale.com).
Logout#
The server does not invalidate AuthTokens. They invalidate after they expire or when the server is being restarted. The client should delete their AuthToken to ‘logout’.
However, in order to remove the AuthToken cookie from the browsers there is a convenient resource which will invalidate the cookie (not the AuthToken).
Send
GET http://host:port/logout
and the server will return an empty AuthToken cookie which immediately expires.
Example using curl#
Login#
To use curl for talking with the server, first save your password into a variable: PW=$(cat)
Then create a cookie in cookie.txt like this (note that this makes your password visible for a
short time to everyone on your system:
curl -X POST -c cookie.txt -D head.txt -d username=<USERNAME> -d password="$PW" --insecure "https://<SERVER>/login
Now cookie.txt contains the required authentication token information in the SessionToken
cookie (url-encoded json).
Example token content
["S","PAM","admin",[],[],1682509668825,3600000,"Z6J4B[...]-OQ","31d3a[...]ab2c10"]
Using the token#
To use the cookie, pass it on with later requests:
curl -X GET -b cookie.txt --insecure "https://<SERVER>/Entity/123"