Credentials
Credentials are tightly associated with Users. All Users have one or more associated Credentials.
Fields
Field | Value | Req/Default | Notes |
---|---|---|---|
id | id | Auto-generated | Credential’s ID. Always starts with “crd_”. Example: |
user_id | user_id | Required | ID of User this Credential belongs to. |
credential_type | facebook, github, google, linkedin, oauth2, password, slack, totp, yahoo | Required | |
request | hash | | Hash of request attributes to add to Event. See notes. |
| | | |
password | string | Required | |
password_confirmation | string | Optional | |
| | | |
auth_provider_id | auth_provider_id | | Auth Provider's ID. |
name | string | Required | Name of the TOTP device, eg: 'iPhone X'. |
otp_secret | string | Auto-generated | The secret used to seed the TOTP device; only when |
provisioning_svg | string | Auto-generated | SVG of QRCode for TOTP device self-provisioning; only when |
provisioning_uri | uri | Auto-generated | Standardized URI used to create QRCodes for TOTP device self-provisioning; only when |
state | active, new | Auto-generated | TOTP credentials must be verified prior to becoming active. |
Social providers/OAuth2: | | | |
access_token | string | | Access token for this user. |
auth_provider_id | auth_provider_id | | Auth Provider's ID. |
provider_user_id | string | | External provider's Unique ID for this user. |
token_expires_at | time_t | | Expiration time of |
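How the TOTP fields above relate, as an added example that is not part of the AuthRocket documentation or SDK: it parses a provisioning URI and derives the code from the secret it carries, which is why otp_secret, provisioning_uri and provisioning_svg should be stored and logged as secrets. It assumes the usual authenticator conventions (otpauth:// URI, base32 secret, HMAC-SHA1, 6 digits, 30-second period); the sample URI and all function names are constructed for illustration.

```javascript
// Added example, not AuthRocket code. Assumes the usual authenticator conventions:
// otpauth://totp/ URI, base32 secret, HMAC-SHA1, 6 digits, 30-second period.
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

function base32Decode(text) {
  let bits = 0;
  let value = 0;
  const out = [];
  for (const ch of text.replace(/=+$/, '').toUpperCase()) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character in secret');
    value = ((value << 5) | idx) & 0xfff; // keep only the bits still pending
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
    }
  }
  return Buffer.from(out);
}

function parseProvisioningUri(uri) {
  const u = new URL(uri);
  if (u.protocol !== 'otpauth:' || u.hostname !== 'totp') throw new Error('not a TOTP provisioning URI');
  const secret = u.searchParams.get('secret');
  if (!secret) throw new Error('provisioning URI has no secret');
  return {
    label: decodeURIComponent(u.pathname.slice(1)),
    secret,
    digits: Number(u.searchParams.get('digits') || 6),
    period: Number(u.searchParams.get('period') || 30),
  };
}

// Derive the code an authenticator app would show at `unixSeconds` (RFC 6238).
async function totp(secretB32, unixSeconds, digits = 6, period = 30) {
  const { createHmac } = await import('node:crypto'); // resolves in CommonJS and ESM
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / period)));
  const mac = createHmac('sha1', base32Decode(secretB32)).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation, RFC 4226
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Constructed sample: the secret is the RFC 6238 test key, not a real credential.
const SAMPLE_URI = 'otpauth://totp/Example:alice%40example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example';
```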
Passwords
password_confirmation is optional when setting/updating a password. If included, it must match password. If not included, the confirmation check is bypassed.
Social providers / OAuth2
Credentials for social providers (and custom OAuth2 providers) are generally handled automatically by LoginRocket or when using the Auth Provider Authenticate with a Token method.
The only method sometimes used with social providers is Delete a Credential.
When migrating existing data to AuthRocket, Create a Credential may be useful. However, you can also skip this and let AuthRocket automatically create the credentials based on matching email addresses.
Required permissions
Method | Permissions |
---|---|
Get | read |
Create, Update, Verify, Delete | write |
List credentials
To retrieve all credentials for a user, use Get a User.
Get a credential
Retrieve a specific credential.
Request
Example
GET /v2/credentials/:credential_id

var resp = await authrocket.credentials.find('crd_0v1zUpWdE4IiFc2w5ynShf')

$res = $authrocket->credentials->find('crd_0v1zUpWdE4IiFc2w5ynShf');

cred = AuthRocket::Credential.find 'crd_0v1zUpWdE4IiFc2w5ynShf'
Response
Example
Status: 200
{ "id" : "crd_0v1zUpWdE4IiFc2w5ynShf",
  "credential_type" : "password",
  "object" : "credential",
  "user_id" : "usr_0v1zTHXhtNgmDaXaDYSAqx"
}

console.log(resp.results)
{ id: "crd_0v1zUpWdE4IiFc2w5ynShf",
  credential_type: "password",
  object: "credential",
  user_id: "usr_0v1zTHXhtNgmDaXaDYSAqx"
}

var_dump($res->fields);
array(16) {
  ["id"]=> string(26) "crd_0v1zUpWdE4IiFc2w5ynShf"
  ["credential_type"]=> string(8) "password"
  ["object"]=> string(10) "credential"
  ["user_id"]=> string(26) "usr_0v1zTHXhtNgmDaXaDYSAqx"
}

#<AuthRocket::Credential:0x3fde5fa18df8>
  id: "crd_0v1zUpWdE4IiFc2w5ynShf",
  attribs: {
    "credential_type"=>"password",
    "object"=>"credential",
    "user_id"=>"usr_0v1zTHXhtNgmDaXaDYSAqx"
  }
Create a credential
Creates a new credential for a user.
Request
Example
POST /v2/credentials
{ "credential" :
  { "user_id" : "usr_0v1zTHXhtNgmDaXaDYSAqx",
    "credential_type" : "totp"
  }
}

var resp = await authrocket.credentials.create({
  user_id: 'usr_0v1zTHXhtNgmDaXaDYSAqx',
  credential_type: 'totp'
})

$res = $authrocket->credentials->create([
  "user_id" => "usr_0v1zTHXhtNgmDaXaDYSAqx",
  "credential_type" => "totp"
]);

cred = AuthRocket::Credential.create(
  user_id: 'usr_0v1zTHXhtNgmDaXaDYSAqx',
  credential_type: 'totp'
)
Response
Example
Status: 201, with same body as Get a Credential.
On success, returns same object as Get a Credential.
On failure, returns an object with errors:
resp.hasErrors()
// => true
console.log(resp.errors)
// => ["Credential type can't be blank"]

On success, returns same object as Get a Credential.
On failure, returns an object with errors:
$res->hasErrors();
// => true
var_dump($res->errors);
array(1) {
  [0]=> string(30) "Credential type can't be blank"
}

On success, returns same object as Get a Credential.
On failure, returns an object without an id, but with errors:
# => #<AuthRocket::Credential:0x3fde5fa18df8> id: nil, ...
credential.errors?
# => true
credential.valid?
# => false
credential.errors
# => ["Password can't be blank"]
Events
Triggers a user.updated event.
Update a credential
Update a credential’s attributes. Only provided attributes are changed.
Request
Example
PUT /v2/credentials/:credential_id
{ "credential" :
  { "password" : "secret",
    "password_confirmation" : "secret"
  }
}

var resp = await authrocket.credentials.update('crd_0v1zUpWdE4IiFc2w5ynShf', {
  password: 'secret',
  password_confirmation: 'secret'
})

$res = $authrocket->credentials->update('crd_0v1zUpWdE4IiFc2w5ynShf', [
  "password" => "secret",
  "password_confirmation" => "secret"
]);

cred = AuthRocket::Credential.find 'crd_0v1zUpWdE4IiFc2w5ynShf'
cred.update password: 'secret', password_confirmation: 'secret'
Response
Example
Status: 200, with same body as Get a Credential.
On success, returns same object as Get a Credential.
On failure, returns an object with errors:
resp.hasErrors()
// => true
console.log(resp.errors)
// => ["Password confirmation doesn't match"]

On success, returns same object as Get a Credential.
On failure, returns an object with errors:
$res->hasErrors();
// => true
var_dump($res->errors);
array(1) {
  [0]=> string(35) "Password confirmation doesn't match"
}

On success, returns same object as Get a Credential.
On failure, returns false:
# => false
credential.errors
# => ["Password confirmation doesn't match"]
Events
Triggers a user.updated event.
For password credentials, does not generate user.password.updated or user.profile.updated events. See also Update Password and Update Profile.
For credentials associated with external providers, depending on which fields are changed, the user.updated event will often be skipped.
Verify a credential
Verify a TOTP credential. If the credential’s state is new, automatically advances to active upon success.
If already active, no changes are made to state, but the code is still verified. This is useful for verifying a user’s 2FA credential prior to performing a sensitive operation inside your app.
Request
Example
POST /v2/credentials/:credential_id/verify
{ "credential" :
  { "code" : "123456"
  }
}

var resp = await authrocket.credentials.verify('crd_0v1zUpWdE4IiFc2w5ynShf', {
  code: '123456'
})

$res = $authrocket->credentials->verify('crd_0v1zUpWdE4IiFc2w5ynShf', [
  "code" => "123456"
]);

cred = AuthRocket::Credential.find 'crd_0v1zUpWdE4IiFc2w5ynShf'
cred.verify '123456'
Response
Example
Status: 200, with same body as Get a Credential.
On success, returns same object as Get a Credential.
On failure, returns an object with errors:
resp.hasErrors()
// => true
console.log(resp.errors)
// => ["Verification failed"]

On success, returns same object as Get a Credential.
On failure, returns an object with errors:
$res->hasErrors();
// => true
var_dump($res->errors);
array(1) {
  [0]=> string(19) "Verification failed"
}

On success, returns same object as Get a Credential.
On failure, returns false:
# => false
credential.errors
# => ["Verification failed"]
Events
If state changed, triggers a user.updated event. Otherwise, no event is triggered.
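One way to use Verify as a step-up check before a sensitive operation, written as an added example rather than AuthRocket's own code: it validates input, limits repeated failures locally and fails closed when the API call itself errors. Only credentials.verify, hasErrors() and results come from this page; the 6-digit code format, the ID character set, the lockout thresholds, the function names and the offline stand-in client are assumptions of the example.

```javascript
// Added example, not AuthRocket code: step-up TOTP check before a sensitive action.
// Assumptions: 6-digit codes, a lockout of 5 failures per 15 minutes, in-memory state.
const MAX_FAILURES = 5;
const WINDOW_MS = 15 * 60 * 1000;
const failures = new Map(); // credential id -> timestamps (ms) of recent failures

function recentFailures(credentialId, now) {
  const kept = (failures.get(credentialId) || []).filter((t) => now - t < WINDOW_MS);
  failures.set(credentialId, kept);
  return kept;
}

// `client` is any object exposing credentials.verify(id, { code }) as shown on this page.
async function verifyStepUp(client, credentialId, code, now = Date.now()) {
  // Reject malformed input locally so it never reaches the API (ID charset is assumed).
  if (!/^crd_[0-9A-Za-z]+$/.test(String(credentialId))) return { ok: false, reason: 'bad_credential_id' };
  if (!/^\d{6}$/.test(String(code))) return { ok: false, reason: 'bad_code_format' };

  const recent = recentFailures(credentialId, now);
  if (recent.length >= MAX_FAILURES) return { ok: false, reason: 'locked_out' };

  let resp;
  try {
    resp = await client.credentials.verify(credentialId, { code: String(code) });
  } catch (err) {
    // Fail closed: an API or network error is never treated as a successful check.
    return { ok: false, reason: 'verify_unavailable' };
  }
  if (resp.hasErrors()) {
    recent.push(now); // counts toward the lockout window
    return { ok: false, reason: 'verification_failed' };
  }
  failures.delete(credentialId);
  return { ok: true, state: resp.results.state };
}

// Constructed stand-in for the SDK so the example runs offline; it accepts one code.
function fakeClient(validCode) {
  const verify = async (id, { code }) => (code === validCode
    ? { hasErrors: () => false, results: { id, credential_type: 'totp', state: 'active' } }
    : { hasErrors: () => true, errors: ['Verification failed'], results: null });
  return { credentials: { verify } };
}
```

In a multi-process deployment the failure counter would need shared storage; the in-memory Map only illustrates the policy.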
Delete a credential
Deletes a credential.
Request
Example
DELETE /v2/credentials/:credential_id

var resp = await authrocket.credentials.delete('crd_0v1zUpWdE4IiFc2w5ynShf')

$res = $authrocket->credentials->delete('crd_0v1zUpWdE4IiFc2w5ynShf');

cred = AuthRocket::Credential.find 'crd_0v1zUpWdE4IiFc2w5ynShf'
cred.delete
Response
Example
Status: 204
On success, returns an object with no errors.
On failure, returns an object with errors.
resp.hasErrors()
// => true

On success, returns an object with no errors.
On failure, returns an object with errors.
$res->hasErrors();
// => true

On success, returns original object.
On failure, returns false.
Events
Triggers a user.updated event.