Auth API Calls

This post is a very short look at some API calls I hit with Auth.

Let me bring up my Data Model again to show the isolation I’d planned for Auth and Data.

Now, for the Cover Story,


User Sessions

Any 2 HTTP calls are completely independent of each other. It’s the HTTP header or the cookie that identifies 2 calls as coming from the same user, from IMAD :).

This gives insight into sessions and user management on the server side. But thankfully for the interns, Hasura takes care of the session store and the cookie business all round, even rendering user_info for any logged-in user.

Recall from the last story that the client end of things just makes HTTP calls, and the API gateway does the authentication and upstream forwarding.

It’s surprising that even the Auth Service is a Postgres Schema, with the same query structure and form.
Note: My app is built along parallel lines with the Data Modeling. Following up on the last post, I remind readers that I’ve captured shots & snips of the OkHttp logs (Retrofit) I get on the Android Monitor while I emulate these calls on my device.

If you were to make a guess that my request & response POJO objects are ready, then I wouldn’t deny :)

Register a User

An elementary step for any sovereign app :)
I pass the username, password and mobile, counting for a testament.
The user is assigned an id and a role, though the auth_token is granted only on login.
Voila, Hasura Auth Console pops up a new record!

Log the User In

It’s really cool how Hasura manages multiple sessions for a user across devices. I’ve personally noticed this feature.

Just look out for my active sessions. I’ve got 3 sessions on different devices.
Maybe, they map the user_id inside a Cookie object to point to a list of user_tokens?
There you go, a login request. A simple one.
An auth_token is generated, and from here on I attach it while making privileged requests as a user.

Log the user out

A simple task of deleting the cookie set by the session-store on the server.
A GET request with an authentication header bearing the auth_token of the logged in user.
A Typical logout response
Note: This is just a demo of the few features I tried out with Hasura API calls and my auth_tokens & sessions are long gone :)
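
The register, login and logout lifecycle described above, as an added example (not from the original post and not Hasura's implementation): the user gets an id and a role on registration, an auth_token only on login, one token per device, and logout revokes just the session named in the header. The class name, the `Bearer` header scheme, PBKDF2 password hashing and the digest-keyed session table are assumptions made for illustration.

```python
import hashlib, hmac, secrets

class SessionStore:
    """Added example: in-memory stand-in for an auth service (not Hasura's code)."""
    def __init__(self):
        self.users = {}     # username -> id, role, mobile, salt, pw_hash
        self.sessions = {}  # sha256(auth_token) -> user id; many entries per user

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()  # store digests, never raw tokens

    @staticmethod
    def _bearer(headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        return token if scheme == "Bearer" and token else None

    def register(self, username, password, mobile, role="user"):
        if username in self.users:
            raise ValueError("username taken")
        salt = secrets.token_bytes(16)
        user = {"id": len(self.users) + 1, "role": role, "mobile": mobile,
                "salt": salt, "pw_hash": self._pw_hash(password, salt)}
        self.users[username] = user
        return {"id": user["id"], "role": user["role"]}  # no auth_token yet

    def login(self, username, password):
        user = self.users.get(username)
        salt = user["salt"] if user else b"\0" * 16  # same work for unknown users
        candidate = self._pw_hash(password, salt)
        if user is None or not hmac.compare_digest(candidate, user["pw_hash"]):
            return None
        token = secrets.token_urlsafe(32)  # a fresh token per login, i.e. per device
        self.sessions[self._key(token)] = user["id"]
        return token

    def authenticate(self, headers):
        token = self._bearer(headers)
        return self.sessions.get(self._key(token)) if token else None

    def logout(self, headers):
        token = self._bearer(headers)  # revoke only the session this token names
        return bool(token) and self.sessions.pop(self._key(token), None) is not None

    def active_sessions(self, user_id):
        return sum(uid == user_id for uid in self.sessions.values())
```

Keying sessions by token digest rather than by user is what lets three devices stay logged in at once while a logout on one leaves the other two valid.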

Concluding Note

This is kind of how Hasura manages users in your project’s console.

It’s a cakewalk to make API calls, tasting the broth, but cooked with sheer efforts by the Chef, Hasura.

I’ve briefly written about Postman collections and request grouping in the prequel blog. Find my Postman Collection for Auth APIs here.

Watch out for the next story :)