vcaw
/
public
forked from root/public
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

intructions on read only access usage

content-update
lee 3 years ago committed by Clément
parent
efb6009be9
commit
dd9b5d5d10
1 changed files with 69 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 69
      docs/db/read-only-access.md

69
docs/db/read-only-access.md
unescape_control_characters View File

@ -0,0 +1,69 @@
# Read Only token
## instructions
1. **How to get read-only role?**, for applications to get read-only access they can contact an `admin` user so that he/she can add this role to that external application.
2. **How to create and associate application with read-only access?**, for this you must create an application on `gitea` then you can create your own application token. This token will grant access to your account using the `gitea` API. To create this token you must go to **user/settings/application** then **Generate New Token**, you can use this link <https://((DOMAIN))/user/settings/applications>. It should display a token.
3. **How to get the read only token?**, to get this token you must send a request to the authentication service with the application token. The authentication service can be accessed/reached by sending the request to : `https://((DOMAIN))/api/auth/apptoken?token=${appToken}`.
This route will validate the application token and build a new **JWT** that allows you to query the information needed.
The following example should help :
```js
const APPTOKEN = '<app token>' // put your application token here
const res = await fetch(
`https://dev.01-edu.org/api/auth/apptoken?token=${APPTOKEN}`
)
const { token } = await res.json()
// you should take care of error cases
console.log('JWT : ', token)
```
4. **What can you query?**, querying information is dependent on the users role. A role is given by default to every user, in this case it should be a `read_only` role. You can see more about possible information you can query [here](db-authorization.md)
5. **How to query the information?**, to query the information you must send a request with the query you desire to use. You can see more information and instructions about this on the project [graphql](../../subjects/graphql/README.md).
The following example should help :
```js
const jwt = '<jwt>' // put your jwt here
const query = '{user(where:{id:{_eq:1}}){login}}' // what you want to query
const res = await fetch(
'https://((DOMAIN))/api/graphql-engine/v1/graphql',
{
method: 'POST',
headers: { Authorization: `Bearer ${token}` },
body: JSON.stringify({ query }),
}
)
const { data } = await res.json()
// you should take care of error cases...
console.log(data)
```
## Observations
Because of the nature of JWT you should renew the token often, normally this token will have a life spam of one day.
To refresh the tokens you need to do the following:
- Send a request to the authentication service with the `JWT`. The authentication service can be accessed/reached by sending the request to : `https://((DOMAIN))/api/auth/refresh?token=${jwt}`. This route will create a new token and expire the current token.
The following example should help :
```js
const JWT = '<jwt>' // put your jwt here
const res = await fetch(
`https://dev.01-edu.org/api/auth/refresh?token=${JWT}`
)
const { token } = await res.json()
// you should take care of error cases...
console.log('JWT : ', token)
```
Write Preview
Loading…
Cancel
Save