971762 - Add new authenticate/create API to login

Status: RESOLVED FIXED

(Webmaker Graveyard :: Login, defect)

Description

[Jon Buckley [:jbuck]]

As part of the login refresh, we need to add two new API routes to the login server:

/api/user/authenticate:
Accepts a JSON payload consisting of a Persona assertion, and a Persona audience.

If the audience is in the whitelist, then go and verify the assertion. If the assertion is valid and returns an email address then look it up in the database. If the user is in the database, then return the user's info.

In all other cases, return a JSON payload with the "error" key set to something English-readable and actionable.

/api/user/create:
Accepts a JSON payload consisting of a Persona assertion, a Persona audience, and a username.

If the If the audience is in the whitelist, then go and verify the assertion. If the assertion is valid and returns an email address then create the user and returns the newly created users info.

In all other cases, return a JSON payload with the "error" key set to something English-readable and actionable.

Comment 1

[Jon Buckley [:jbuck]]

Attachment: https://github.com/mozilla/login.webmaker.org/pull/233

Cade added some comments that need fixing up

Comment 2

[Jon Buckley [:jbuck]]

Kate noted that it would probably make sense to do the BSD form submission inside the login server, rather than the front-end code.

Comment 3

[[github robot]]

Commit pushed to master at https://github.com/mozilla/login.webmaker.org

https://github.com/mozilla/login.webmaker.org/commit/4529b0c649d7aa967a5a301b0adfb86ee9c50380
Fix bug 971762 - Add new authenticate/create users API