We'll use `curl` and `jQuery.ajax` with HTML forms to sign up, sign in, and sign out of an authenticated API. We'll also change our passwords. The API uses Token authentication, and we'll see how to make authenticated requests (sign out and change password).
- jquery-ajax-*
By the end of this talk, developers should be able to:
- Use `curl` to access an authenticated API.
- Use `$.ajax` to access an authenticated API.
- Fork and clone this repository.
- Create a new branch, `training`, for your work.
- Install dependencies with `npm install`.
Why is authentication an important topic?
Web APIs often require some sort of authentication. The game API requires users to register and then log in to gain an authentication token.
We'll use `curl`, httpbin.org, and `jQuery.ajax` to explore HTTP further. Then we'll connect to an authenticated API, library-api.
The operations we'll perform:
verb | path | parameters |
---|---|---|
POST | `/sign-up` | `credentials` containing `email`, `password`, `password_confirmation` |
POST | `/sign-in` | `credentials` containing `email` and `password` (response contains auth data) |
PATCH | `/change-password/:id` | `passwords` containing `old` and `new` (requires Authorization header) |
DELETE | `/sign-out/:id` | None (requires Authorization header) |
First we'll test our command against an echo server to make sure we're sending the right data. There's no need to use an actual e-mail address and don't use anything you might want to actually use as a password.
We'll use `scripts/sign-up[-json].sh` to run curl, first sending JSON then sending data the way the browser does by default. We'll see how the server treats both ways of sending data (it's all just strings) in a similar way.
If we left out the `--include` flag we wouldn't see the response header. What's the benefit of using an echo server?
Next we'll want to actually register with the API.
We'll modify `scripts/sign-up[-json].sh` to connect to the library-api.
Now let's put code into `assets/scripts/auth/*` to get another "e-mail" address registered with the API. We'll again start with the echo server.
Now with URL-encoded data in `scripts/sign-in.sh`, let's sign in to the account we just created.
Add a form to `index.html` and code to `assets/scripts/auth/*` to log in to the API. You may want to start by using the echo service to check your request.
What should we do with the data returned by the API?
We'll use `scripts/change-password[-json].sh` to change a password. After that we'll verify that we can no longer authenticate using the old password.
Add a change password form to `index.html` and code to `assets/scripts/auth/*` to change the password.
Signing out invalidates the current token.
We'll use `scripts/sign-out.sh` to sign out of the API. We'll verify that the token we used is no longer valid.
Add a sign out form to `index.html` and code to `assets/scripts/auth/*` to sign out of the API.
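An added example, not code from this repository: one way to keep the auth data returned by sign-in and attach it to the change-password and sign-out requests as `$.ajax` settings. The response shape `{ user: { id, token } }`, the `Token token=` header format, and all function names here are assumptions; check them against your API.

```javascript
// Assumptions (not from the original README): the sign-in response body looks
// like { user: { id, token } }, and the API expects the Rails-style header
// "Authorization: Token token=<value>". Adjust both to match your API.
const store = { user: null }

// Keep the auth data from a successful sign-in in memory only.
const onSignIn = function (response) {
  if (!response || !response.user || !response.user.token) {
    throw new Error('sign-in response did not contain auth data')
  }
  store.user = { id: response.user.id, token: response.user.token }
}

// Build $.ajax settings for a request that requires the Authorization header.
// The token travels in the header, never in the URL or the request body.
const authenticated = function (base, method, path, data) {
  if (!store.user) throw new Error('not signed in')
  const settings = {
    url: base + path + '/' + encodeURIComponent(store.user.id),
    method: method,
    headers: { Authorization: 'Token token=' + store.user.token }
  }
  if (data) settings.data = data
  return settings
}

// Sign-in carries credentials only; there is no token yet.
const signIn = (base, email, password) => ({
  url: base + '/sign-in',
  method: 'POST',
  data: { credentials: { email: email, password: password } }
})

const changePassword = (base, oldPw, newPw) =>
  authenticated(base, 'PATCH', '/change-password',
    { passwords: { old: oldPw, new: newPw } })

const signOut = (base) => authenticated(base, 'DELETE', '/sign-out')

// The server invalidates the token on sign-out; forget it locally as well.
const onSignOut = function () { store.user = null }

// In the browser, with jQuery loaded:
//   $.ajax(signIn(base, email, pw)).then(onSignIn)
//   $.ajax(changePassword(base, oldPw, newPw))
//   $.ajax(signOut(base)).then(onSignOut)
```

Pointing `base` at the echo server first lets you confirm the header and body before sending them to the real API.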
Developers should run these often!
- `grunt nag` or just `grunt`: runs code quality analysis tools on your code and complains
- `grunt reformat`: reformats all your code in a standard style
- `grunt <server|serve|s>`: generates bundles, watches, and livereloads
- `grunt test`: runs any automated tests, depends on `grunt build`
- `grunt build`: place bundled styles and scripts where `index.html` can find them
- All content is licensed under a CC-BY-NC-SA 4.0 license.
- All software code is licensed under GNU GPLv3. For commercial use or alternative licensing, please contact [email protected].