This Authentication API requires the Users & Permissions plugin, which comes installed by default with Strapi.
## Token usage
A JWT token may be used for making permission-restricted API requests. To make an API request as a user, place the JWT token into an `Authorization` header of the GET request. A request without a token will assume the `public` role permissions by default. Modify the permissions of each user's role in the admin dashboard. Authentication failures return a 401 (unauthorized) error.
#### Usage
- The `token` variable is the `data.jwt` received when logging in or registering.
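
The three outcomes described under Token usage (valid token, no token, failed authentication), as an added example that is not part of the original page and is not Strapi's own code: a stand-in check written for Node.js. The `Bearer` scheme is what Strapi expects in the header; HS256 signing, `DEMO_SECRET`, the `authenticated` role name and the `id` claim are assumptions made for illustration.

```javascript
// Stand-in model of the role resolution described above (not Strapi's code).
const crypto = require('crypto');

const DEMO_SECRET = 'constructed-demo-secret'; // constructed value, not a real key

const b64url = (input) => Buffer.from(input).toString('base64url');

// Build an HS256 JWT: base64url(header).base64url(payload).signature
function signToken(payload, secret = DEMO_SECRET) {
  const body = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(body).digest('base64url');
  return `${body}.${sig}`;
}

// Returns the payload, or null when the signature, algorithm or expiry check fails.
function verifyToken(token, secret = DEMO_SECRET, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const expected = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (header.alg !== 'HS256') return null;
    if (typeof payload.exp === 'number' && payload.exp * 1000 <= now) return null;
    return payload;
  } catch {
    return null;
  }
}

// Maps request headers to the outcome the section describes.
function resolveRequest(headers) {
  const value = headers.authorization;
  // No token at all: the request runs with the public role.
  if (value === undefined) return { status: 200, role: 'public' };
  const match = /^Bearer (\S+)$/.exec(value);
  const payload = match && verifyToken(match[1]);
  // A token that fails verification is rejected, never downgraded to public.
  if (!payload) return { status: 401, role: null };
  return { status: 200, role: 'authenticated', userId: payload.id };
}
```

A token that is present but invalid yields 401 rather than the `public` role, so a client that receives 401 should discard its stored token and log in again.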
Submit the user's identifier and password credentials for authentication. When the authentication is successful, the response data returned will have the user's information along with a JWT authentication token.
[👀 See our complete example with detailed tutorials for each provider (with React)](https://github.com/strapi/strapi-examples/tree/master/login-react)
---
Set your provider's credentials in the admin interface (Plugin Users & Permissions > Providers).
Then update and enable the provider you want to use.
To authenticate the user, use the GET method to request the URL `/connect/:provider`, e.g. `GET /connect/facebook`.
After authentication, create and customize your own redirect callback at `/auth/:provider/callback`. The `jwt` and `user` data will be available in a JSON response.
Response payload:
```json
{
  "user": {},
  "jwt": ""
}
```
## Forgotten password
This action sends an email to a user with a link to your reset password page. This link contains a URL param `code`, which is required to reset the user's password.
Configure the new provider in the `Provider.js` file at the `getProfile` function.
The `getProfile` function takes three params:
1. provider :: The name of the used provider as a string.
2. query :: The query is the result of the provider callback.
3. callback :: The callback function that will continue the internal Strapi login logic.
Here is an example that uses the `discord` provider.
#### Configure your OAuth generic information
```js
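case 'discord': {
  // Generic Purest client for the Discord REST API.
  const discord = new Purest({
    provider: 'discord',
    config: {
      'discord': {
        'https://discordapp.com/api/': {
          '__domain': {
            'auth': {
              // '[0]' is filled with the first argument passed to .auth(),
              // which is then sent as the bearer token.
              'auth': {'bearer': '[0]'}
            }
          },
          '{endpoint}': {
            '__path': {
              'alias': '__default'
            }
          }
        }
      }
    }
  });
}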
```
This code creates a `Purest` object that gives us a generic way to interact with the provider's REST API.
For more specs on using the `Purest` module, please refer to the [Official Purest Documentation](https://github.com/simov/purest/tree/2.x).
You may also want to take a look at the many ready-made configurations [here](https://github.com/simov/purest-providers/blob/master/config/providers.json).
By default, this plugin comes with only one template (reset password) for the moment. More templates will come later. The templates use Lodash's `template()` method to populate the variables.
You can update these templates in the **Email Templates** tab in the admin panel.
### Reset Password
- `USER` (object)
  - `username`
  - `email`
  - ...and every other field that you added manually in the model.
- `TOKEN` corresponds to the token generated to be able to reset the password.
- `URL` is the link where the user will be redirected after clicking on it in the email.
### Email address confirmation
- `USER` (object)
  - `username`
  - `email`
  - ...and every other field that you added manually in the model.
- `CODE` corresponds to the code generated to be able to confirm the user's email.
- `URL` is the Strapi backend URL that confirms the code (by default `/auth/email-confirmation`).