    # Authentication
    
    
    This backoffice is meant to be used only by the admins of the Ecolyo app, so they need to log in to edit the newsletters.
    
    The protocol used to log in is OAuth2 with the Authorization Code grant type ([more info](https://auth0.com/docs/authorization/flows/authorization-code-flow)).
    
    Once an admin is connected, they must call the /whoAmI route to get their XSRF-TOKEN and add it in a header named "XSRF-TOKEN" to all requests going to the backend.
    
    
    The only routes that can be accessed without authentication are /monthlyReport/year/month and /monthlyReport with GET.
    
    They return all the different sections of a specific newsletter, or of the current one, in a single JSON.
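
The rules above written as a single access decision, in an added example that is not the Ecolyo backoffice's own code: the two monthlyReport routes are open for GET only, /whoAmI needs a session, and every other request also needs a matching XSRF-TOKEN header. The request and session shapes, the numeric year/month pattern, the 401/403 status codes and the `/newsletter` route are assumptions.

```javascript
// Added example, not the project's code. Assumed: request/session shapes,
// the numeric /year/month pattern, and the 401/403 status codes.

// Routes the page lists as readable without authentication (GET only).
const PUBLIC_GET = [
  /^\/monthlyReport$/,
  /^\/monthlyReport\/\d{4}\/\d{1,2}$/, // assumed shape of /year/month
];

// Compare without stopping at the first mismatch (Node's built-in
// equivalent for Buffers is crypto.timingSafeEqual).
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// HTTP header names are case-insensitive, so match "XSRF-TOKEN" loosely.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  const hit = Object.entries(headers || {}).find(([k]) => k.toLowerCase() === wanted);
  return hit ? hit[1] : undefined;
}

// Returns the status the backend would answer with; 200 means "let through".
function authorize(req, session) {
  if (req.method === 'GET' && PUBLIC_GET.some((re) => re.test(req.path))) return 200;
  if (!session || !session.xsrfToken) return 401; // no logged-in admin
  if (req.path === '/whoAmI') return 200; // this route hands out the token
  const sent = headerValue(req.headers, 'XSRF-TOKEN');
  return constantTimeEqual(sent, session.xsrfToken) ? 200 : 403;
}

// Constructed sample session and requests ("/newsletter" is hypothetical).
const session = { xsrfToken: 'constructed-token-1' };
const edit = (headers) => ({ method: 'PUT', path: '/newsletter', headers });
console.log(authorize({ method: 'GET', path: '/monthlyReport', headers: {} }, null));
console.log(authorize(edit({}), null));
console.log(authorize(edit({ 'xsrf-token': 'wrong' }), session));
console.log(authorize(edit({ 'Xsrf-Token': 'constructed-token-1' }), session));
```

The public allowlist is bound to the GET method, so a write to /monthlyReport without a session is refused like any other unauthenticated request.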