User Authentication Routes

The Backend Routes Controlling User Authentication

The routes dedicated to user authentication are as follows:

  • /api/user/login: As stated in Structure, if a user supplies a UCI email, redirect them to /api/saml/login, where they can log on via UCI Shibboleth. Otherwise, redirect them to /api/guest/login. Upon logging in successfully, a JSON Web Token will be generated and stored as a cookie in the client's browser that expires in one hour.

  • /api/user/logout: Removes the above cookie, effectively logging the user out.

  • /api/user/me: Returns a dictionary containing metadata about the user, including their UID, role, and status.

  • /api/guest/login: Sends the user an email containing a generated passphrase that will expire in 10 minutes. The user is then redirected to a page where they are prompted for that passphrase in order to log in.

  • /api/guest/verify: Verifies that the passphrase a guest user entered is correct, generates a JWT, and redirects them to the portal page.

  • /api/saml/login: Redirects the user to Shibboleth login. We've worked with OIT to configure Shibboleth so that it automatically redirects back to our site once a user has logged in, carrying information about the user who just logged in.
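The guest flow and the session cookie described above, as an added example that is not the project's own code. It implements the two credentials the list names: a guest passphrase that is valid for 10 minutes and accepted once, and an HS256 JWT whose exp claim is one hour after issue. The in-memory store, the signing secret, the passphrase format and the cookie attributes (HttpOnly, Secure, SameSite) are assumptions; the page does not state how the real backend does any of these.

```python
# Added example (not the project's code): stdlib-only sketch of the guest
# passphrase (10-minute expiry, single use) and the one-hour session JWT.
# The store, secret, passphrase format and cookie attributes are assumptions.
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

SESSION_TTL = 3600      # one hour, as the page states for the JWT cookie
PASSPHRASE_TTL = 600    # ten minutes, as the page states for guest passphrases
SECRET = b"constructed-demo-secret-replace-in-deployment"  # assumption: HS256 key

# Pending guest passphrases: email -> (sha256 of passphrase, expiry timestamp)
_pending: Dict[str, Tuple[str, float]] = {}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_passphrase(email: str, now: Optional[float] = None) -> str:
    """/api/guest/login: generate the passphrase that would be emailed.
    Only its hash is kept server-side; it expires 10 minutes after issue."""
    now = time.time() if now is None else now
    passphrase = "-".join(secrets.token_hex(2) for _ in range(3))  # e.g. a1b2-c3d4-e5f6
    _pending[email] = (hashlib.sha256(passphrase.encode()).hexdigest(), now + PASSPHRASE_TTL)
    return passphrase


def verify_passphrase(email: str, candidate: str, now: Optional[float] = None) -> bool:
    """/api/guest/verify: accept the passphrase once, and only before it expires."""
    now = time.time() if now is None else now
    entry = _pending.get(email)
    if entry is None:
        return False
    digest, expires_at = entry
    if now >= expires_at:
        _pending.pop(email, None)      # expired entries are discarded
        return False
    ok = hmac.compare_digest(digest, hashlib.sha256(candidate.encode()).hexdigest())
    if ok:
        _pending.pop(email, None)      # single use: a replayed passphrase fails
    return ok


def issue_session_token(uid: str, role: str, now: Optional[float] = None) -> str:
    """Build the HS256 JWT that is set as the login cookie; exp is one hour out."""
    now = time.time() if now is None else now
    compact = {"separators": (",", ":")}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = _b64url(json.dumps(
        {"sub": uid, "role": role, "iat": int(now), "exp": int(now) + SESSION_TTL},
        **compact).encode())
    sig = _b64url(hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"


def verify_session_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Check algorithm, signature and expiry; return the claims, or None."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None                # refuse 'none' and any other algorithm
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:                 # malformed base64 or JSON
        return None
    if now >= claims.get("exp", 0):
        return None
    return claims


def session_cookie(token: str) -> str:
    """Set-Cookie value for the token. HttpOnly/Secure/SameSite are assumed,
    not stated on the page, but are what a JWT-in-cookie design should set."""
    return f"session={token}; Max-Age={SESSION_TTL}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    code = issue_passphrase("guest@example.com", now=t0)
    assert verify_passphrase("guest@example.com", code, now=t0 + 60)
    print(session_cookie(issue_session_token("guest@example.com", "guest", now=t0)))
```

Passing `now` explicitly lets the expiry rules be checked deterministically; in a request handler the default `time.time()` is used. Note that expiry is enforced on the server in both cases: the cookie's Max-Age only tells the browser when to drop it, while the exp claim is what the backend actually trusts.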
