Auth HUB


Documentation on the AuthHub authorization process

System description

AuthHub is an authorization system that uses a redirect_url to return the user after successful authorization. The user first goes to AuthHub to authorize, then returns to the site they came from with a token in the query parameters. Using this token, the site requests valid JWT tokens (access, refresh) from AuthHub for further access to the API.

Authorization stages

1. Redirecting the user to AuthHub

When authorization begins, the user is redirected to the AuthHub website. The request must include the redirect_url parameter, which specifies the address the user is returned to after authorization.

Query example:

https://auth.ecom.md/ru/auth?redirect_url=<URL_YOUR_SITE>

2. Redirect with a token to your website

Once the user has successfully logged in, AuthHub redirects the user back to your site using the supplied redirect_url. That address carries a query parameter named token whose value is the temporary token.

Example URL after redirect:

https://example.com/callback?token=<AUTH_TOKEN>
  • <AUTH_TOKEN> is a temporary token provided by AuthHub that should be used to obtain JWT tokens.

3. Request JWT tokens from AuthHub API

To receive JWT tokens, your site makes a request to a dedicated API provided by AuthHub. The token that arrived on the redirect_url is sent in the request body.

Query example:

curl --location 'http://admin.ecom.md/users/hub-auth/' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
  "token": "<AUTH_TOKEN>"
}'

4. Reply from AuthHub

If the passed token is successfully validated, AuthHub returns a structure with JWT tokens for the user.

Example response:

{
  "refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...", // Token for refresh
  "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...", // Access token (limited period)
  "auth_token": "vt0tT3LFtACHs82q6EWmv6rTAHVfrwvsQ9..."
}

Important:
When authorization is carried out via AuthHub, you can add a flag to the request:

"is_hub": true

5. Using an Access token for subsequent requests

Once you have received the tokens, you can use the access token to make authorized requests to your site's secure APIs.

Usage example:

curl --location 'https://admin.ecom.md/user/user-group' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
  • Access token (access) - used for authorized requests.
  • Refresh token (refresh) - used to obtain a new access token if the current one has expired.
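The five steps above as a small Python client. This is an added example, not AuthHub's own code: the endpoint URLs are the ones quoted in the curl examples on this page, while the function names and the checks on the callback URL and on the reply are assumptions of this example.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoints as quoted in the curl examples on this page.
AUTHHUB_LOGIN_URL = "https://auth.ecom.md/ru/auth"
AUTHHUB_EXCHANGE_URL = "http://admin.ecom.md/users/hub-auth/"


def build_login_url(redirect_url: str) -> str:
    """Step 1: URL to send the user to; redirect_url is percent-encoded."""
    return AUTHHUB_LOGIN_URL + "?" + urlencode({"redirect_url": redirect_url})


def token_from_callback(callback_url: str) -> str:
    """Step 2: pull the temporary token out of the URL AuthHub redirected to.
    Exactly one non-empty 'token' parameter is accepted (assumed check)."""
    values = parse_qs(urlparse(callback_url).query).get("token", [])
    if len(values) != 1 or not values[0]:
        raise ValueError("callback URL must carry exactly one non-empty 'token' parameter")
    return values[0]


def build_exchange_request(auth_token: str, is_hub: bool = True) -> urllib.request.Request:
    """Step 3: the same POST the curl example sends (JSON body holding the token).
    is_hub adds the optional "is_hub": true flag mentioned on the page."""
    body = {"token": auth_token}
    if is_hub:
        body["is_hub"] = True
    return urllib.request.Request(
        AUTHHUB_EXCHANGE_URL,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )


def parse_exchange_response(raw: bytes) -> dict:
    """Step 4: accept the reply only if both JWTs are present and non-empty."""
    data = json.loads(raw)
    missing = [k for k in ("access", "refresh") if not data.get(k)]
    if missing:
        raise ValueError("AuthHub reply lacks: " + ", ".join(missing))
    return {"access": data["access"], "refresh": data["refresh"]}


def bearer_header(tokens: dict) -> dict:
    """Step 5: Authorization header for calls to the protected API."""
    return {"Authorization": "Bearer " + tokens["access"]}
```

Send the request from build_exchange_request with urllib.request.urlopen and pass the response body to parse_exchange_response; keep the returned tokens server-side rather than in LocalStorage or a URL.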

Full example of authorization

  1. The user goes to AuthHub, URL:

    https://auth.ecom.md/ru/auth?redirect_url=https://www.youtube.com/

  2. After authorization, AuthHub redirects the user to the address:

    https://www.youtube.com/?token=vt0tT3LFtACHs82q6EWmv6rTAHVfr...

  3. Your site sends a request to receive JWT tokens:

    curl --location ' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --data '{ "token": "vt0tT3LFtACHs82q6EWmv6rTAHVfr..." }'

  4. AuthHub API returns tokens:

    { "refresh": "", "access": "", "auth_token": "" }

  5. Your site uses an access token for authorized requests to the API:

    curl --location '\ --header 'Authorization: Bearer '

Important points and recommendations

  1. Security:

    • Ensure that all requests are made over HTTPS to protect data from leakage.
    • Do not store access and refresh tokens in unsecured places such as LocalStorage or inside a URL.

  2. Limited validity period of tokens:

    • Access tokens are valid for a limited time, after which you need to use a Refresh token to request a new Access token.

  3. redirect_url:

    • This link must be configured to correctly handle the returned token parameter.

Glossary of terms

  • Redirect URL - the address to which AuthHub redirects the user after successful authorization.
  • Auth Token is a temporary token used to obtain the main set of JWT tokens.
  • Access Token - token for performing protected requests (valid for a limited time).
  • Refresh Token - a token for extending the validity period of the Access Token.
