$ curl -c - -X POST "https://auth.natixar.pro/api/login" -H "Content-Type: application/json" -H "Authorization: GXEHQY9507eAO0U724n-dQ7Ku1SSaEQzNAjJ4tNvZwmBtMTGCtSXX-7c" -d '{
"loginId": "[email protected]",
"password": "password",
"noJWT": false
}'|jq
{
"fieldErrors": {},
"generalErrors": [
{
"code": "[TenantIdRequired]",
"message": "A Tenant Id is required to complete this request. To complete this request, you may assign a Tenant to your API key, or add the X-FusionAuth-TenantId HTTP request header with the Tenant Id."
}
]
}
The Authorization header carries an API key that is valid for all tenants, so it is not bound to any particular tenant; that is why the request above is refused with TenantIdRequired. The curl command below shows how to log in a user once the credentials have been collected in a React form in the application UI: the tenant is named explicitly with the X-FusionAuth-TenantId header.
$ curl -c - -X POST "https://auth.natixar.pro/api/login" -H "X-FusionAuth-TenantId: d5a5b255-c0b9-eab1-e918-25ce27ee92be" -H "Content-Type: application/json" -H "Authorization: GXEHQY9507eAO0U724n-dQ7Ku1SSaEQzNAjJ4tNvZwmBtMTGCtSXX-7c" -d '{
"loginId": "[email protected]",
"password": "password",
"noJWT": false
}'|jq
set-cookie: access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVjYjRhNjMzYSJ9.eyJleHAiOjE3MTM3MTkwNjcsImlhdCI6MTcxMzcxNTQ2NywiaXNzIjoiaHR0cHM6Ly9hdXRoLm5hdGl4YXIucHJvIiwic3ViIjoiYTc4NTQwNWEtMjk3Mi00NmJlLWEzZjktYmMzOGZhOWQxNjlmIiwianRpIjoiM2MwYjI3OWEtNzk1Ni00ZGMyLTgyNzgtOTZlNGI5MzgwMTRlIiwiYXV0aGVudGljYXRpb25UeXBlIjoiUEFTU1dPUkQiLCJlbWFpbCI6InJpY2hhcmRAZXhhbXBsZS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXV0aF90aW1lIjoxNzEzNzE1NDY3LCJ0aWQiOiJkNWE1YjI1NS1jMGI5LWVhYjEtZTkxOC0yNWNlMjdlZTkyYmUifQ.VjZuoyvj6aT2jEFGxB0FhhO8fthEQbVyxocVYyhFAEc; HttpOnly; Path=/; SameSite=Lax; Secure
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVjYjRhNjMzYSJ9.eyJleHAiOjE3MTM3MTkxOTQsImlhdCI6MTcxMzcxNTU5NCwiaXNzIjoiaHR0cHM6Ly9hdXRoLm5hdGl4YXIucHJvIiwic3ViIjoiYTc4NTQwNWEtMjk3Mi00NmJlLWEzZjktYmMzOGZhOWQxNjlmIiwianRpIjoiZWM0M2YwMDctYzUzNi00ZTlhLTk1NjAtMDA0YWY3ZmQyYjQ5IiwiYXV0aGVudGljYXRpb25UeXBlIjoiUEFTU1dPUkQiLCJlbWFpbCI6InJpY2hhcmRAZXhhbXBsZS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXV0aF90aW1lIjoxNzEzNzE1NTk0LCJ0aWQiOiJkNWE1YjI1NS1jMGI5LWVhYjEtZTkxOC0yNWNlMjdlZTkyYmUifQ.QKieOAwYBebq37S0ndczyoOPZ56lqidHFLH2Bwtzc90",
"tokenExpirationInstant": 1713719194148,
"user": {
"active": true,
"birthDate": "1985-11-23",
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"data": {},
"email": "[email protected]",
"firstName": "Richard",
"id": "a785405a-2972-46be-a3f9-bc38fa9d169f",
"insertInstant": 1708506066516,
"lastLoginInstant": 1713715594148,
"lastName": "Hendricks",
"lastUpdateInstant": 1708506066516,
"memberships": [
{
"data": {},
"groupId": "955df980-71c3-4034-8ac5-e6ab5e3e0473",
"id": "48cf28c0-e41a-40d8-a364-1334baa8ed20",
"insertInstant": 1711287287892
},
{
"data": {},
"groupId": "c9d8aa29-10fa-4ee0-99c7-3222b6f17b41",
"id": "fa4668f8-62a5-4f08-aad7-05fbb199b4b9",
"insertInstant": 1711289462332
}
],
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1708506066550,
"preferredLanguages": [],
"registrations": [
{
"applicationId": "844588d0-9937-4edf-bc5e-88011bb483eb",
"data": {},
"id": "aec927e2-92dd-4638-b671-7de39fb8ecee",
"insertInstant": 1708513720307,
"lastLoginInstant": 1708539507768,
"lastUpdateInstant": 1708513758536,
"preferredLanguages": [],
"roles": [],
"tokens": {},
"username": "[email protected]",
"usernameStatus": "ACTIVE",
"verified": true,
"verifiedInstant": 1708513720307
},
{
"applicationId": "5e9cba0b-4978-4a24-88c0-0a45b0ed067f",
"data": {},
"id": "387abf78-9272-4987-9fbc-abc9cc71d772",
"insertInstant": 1712231522819,
"lastLoginInstant": 1713436782845,
"lastUpdateInstant": 1712231522819,
"preferredLanguages": [
"fr_FR"
],
"roles": [
"Access LCIA pages",
"Access billings page",
"Access carbon tracking pages",
"Access process editor",
"Create user",
"Decrease number of seats",
"Delete user",
"Disable 2FA for user",
"Generate carbon tracking report",
"Increase number of seats",
"Pay online",
"Purchase a package",
"Purchase optional feature",
"Remove a package",
"Reset user password"
],
"tokens": {},
"username": "Richard Hendricks",
"usernameStatus": "ACTIVE",
"verified": true,
"verifiedInstant": 1712231522819
}
],
"tenantId": "d5a5b255-c0b9-eab1-e918-25ce27ee92be",
"twoFactor": {
"methods": [],
"recoveryCodes": []
},
"usernameStatus": "ACTIVE",
"verified": true,
"verifiedInstant": 1708506066516
}
}
The API keys are cryptographically generated and cannot be chosen, but application UUIDs can be chosen freely.
The HttpOnly cookie is for the back-end, and the JWT access token returned in the response body is for the front-end. Both carry the same JWT. The payload of the JWT is basic in this example:
{
"exp": 1713719067,
"iat": 1713715467,
"iss": "https://auth.natixar.pro",
"sub": "a785405a-2972-46be-a3f9-bc38fa9d169f",
"jti": "3c0b279a-7956-4dc2-8278-96e4b938014e",
"authenticationType": "PASSWORD",
"email": "[email protected]",
"email_verified": true,
"auth_time": 1713715467,
"tid": "d5a5b255-c0b9-eab1-e918-25ce27ee92be"
}
In the workflow, the user clicks on "Climate Change Dashboard" to indicate that they wish to connect to the Climate Change Dashboard of their company.
Once the user's email address has been collected, the React code in the login window shall derive an application UUID from the selected application and the domain part of the email address. Any cryptographic hash will do the job, but the algorithm has to be standardized and documented, because the client-create API in the backend must use the same algorithm to set the UUIDs of the applications it creates.