3.3 Hasura Auth API + Postman collection

Coming towards the end of the third week, we will be looking at sessions, users and roles on Hasura. All of these come under the auth section, whereas 3.2 dealt with the data section. This is the link to 3.1 data modelling.

Hasura Auth provides an HTTP API for authentication and authorization of identities on the Hasura platform. This API can be consumed directly by frontend interfaces like mobile apps, browser-based apps, device apps as well as any server-side program. ~ https://hasura.io/_docs/auth/4.0/

In our app, we will be using our Node.js back-end to call these APIs and expose custom endpoints for the front-end to call. So, to test the auth API, I thought of implementing basic functionalities like sign-up (using email verification), sign-in and sign-out. I am using Postman to test the endpoints.

Quick note: auth is a very important concept! HTTP is a stateless protocol, i.e. transaction information between server and client is lost as soon as the transaction ends. To recognise the client, the server issues an auth token, which is stored as a cookie (a cookie is something the browser remembers and sends with each request). It is also called a session id and is deleted once the user logs out. The session id is a very critical piece of information: anyone who obtains it can impersonate the user, which is known as session hijacking.

src: http://robmclarty.com/system/pictures/sources/65/flow-cookie-session_large.jpg?1450223782

SIGN UP

For email verification, we will be using SparkPost, the only email verification service supported by Hasura as of now. This vendor provides us with one lac emails per month for free and is easy to use! More information on using SparkPost can be found in their docs page. I have integrated my domain semicolonlabs.co with SparkPost to send custom verification mails!

Let us see how it works by creating a test user. I will be using my Gmail account for verification.

POST HTTP 1.1 on auth.<project>.hasura.me/signup
Response from above request!
Now we receive a verification token on our mail from SparkPost!

Referring to the docs, we go to auth.<project>.hasura.me/email/confirm?token=<token>!

Hence we can see that the mail is verified!
New user is created!

SIGN IN

We will sign in with the account we just created!

POST HTTP 1.1 auth.<project>.hasura.me/login
Response from the request above!

We see that we receive an auth token, which we'll use for further requests!

USER INFO

To receive information about the user, we make a call to auth.<project>.hasura.me/user/account/info! We have to add the previously obtained auth token as an Authorization bearer token in the header!

Result of info request

SIGN OUT

Our final API request is a sign-out request. We make a GET request to auth.<project>.hasura.me/user/logout!

Logout message
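Since the plan is for a Node.js back-end to sit between the browser and these endpoints, the token from sign-in has to travel as a cookie on one side and as a bearer header on the other. The block below is an added example, not code from this post or from Hasura: the cookie name `session`, the token character set, the `https` scheme and all function names are assumptions made for illustration.

```javascript
// Added example: COOKIE_NAME and all function names are hypothetical.
const COOKIE_NAME = 'session';
// Assumption: tokens are opaque URL-safe strings; anything else is rejected
// so a crafted value can never smuggle CR/LF or ';' into a header.
const TOKEN_RE = /^[A-Za-z0-9._~-]{16,512}$/;
// Only the authenticated endpoints shown on this page may be proxied.
const ALLOWED_PATHS = new Set(['/user/account/info', '/user/logout']);

// Set-Cookie value issued after a successful sign-in.
function sessionCookie(token, maxAgeSeconds = 3600) {
  if (!TOKEN_RE.test(token)) throw new Error('unexpected token format');
  return [
    `${COOKIE_NAME}=${token}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',        // not readable from page JavaScript
    'Secure',          // only sent over HTTPS
    'SameSite=Strict', // not attached to cross-site requests
  ].join('; ');
}

// Set-Cookie value issued on sign-out: expires the cookie immediately.
function clearSessionCookie() {
  return `${COOKIE_NAME}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Strict`;
}

// Pull the token out of an incoming Cookie header; null if absent or malformed.
function tokenFromCookieHeader(header) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== COOKIE_NAME) continue;
    const value = part.slice(eq + 1).trim();
    return TOKEN_RE.test(value) ? value : null;
  }
  return null;
}

// Describe the upstream call the back-end makes on behalf of the browser.
function upstreamRequest(project, path, cookieHeader) {
  const token = tokenFromCookieHeader(cookieHeader);
  if (!token || !ALLOWED_PATHS.has(path)) return null;
  if (!/^[a-z0-9-]+$/.test(project)) return null; // project label only
  return {
    url: `https://auth.${project}.hasura.me${path}`, // https is assumed
    headers: { Authorization: `Bearer ${token}` },
  };
}
```

The returned object can be handed to whatever HTTP client the back-end uses; on sign-out the back-end calls /user/logout upstream and answers the browser with `clearSessionCookie()`.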

UP NEXT

Moving to week four, we will finally be starting with our app's first screen! Stay tuned for updates!

PS: the link to the Postman collection is this.