Testing the Setup
Welcome to the installation guide. Now that you have completed the installation, let’s explore the various functionalities provided by this package. For the following examples, we will assume that the REST API is reachable at http://localhost:8000.
To retrieve a token for a user, you can use the following command with curl:
$ curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&grant_type=password&username=<user_name>&password=<password>" http://localhost:8000/auth/token
Here, replace client_id and client_secret with the keys generated automatically by the Application model you created.
To refresh a token, use the following command:
$ curl -X POST -d "grant_type=refresh_token&client_id=<client_id>&client_secret=<client_secret>&refresh_token=<your_refresh_token>" http://localhost:8000/auth/token
You can exchange an external token for a token linked to your app using:
$ curl -X POST -d "grant_type=convert_token&client_id=<client_id>&client_secret=<client_secret>&backend=<backend>&token=<backend_token>" http://localhost:8000/auth/convert-token
Here, replace backend with the name of an enabled backend and backend_token with the token you received from the external service.
Finally, to revoke tokens, use the following commands:
To revoke a single token:
$ curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&token=<your_token>" http://localhost:8000/auth/revoke-token
To revoke all tokens for a user:
$ curl -H "Authorization: Bearer <token>" -X POST -d "client_id=<client_id>" http://localhost:8000/auth/invalidate-sessions
To revoke only refresh tokens:
$ curl -H "Authorization: Bearer <token>" -X POST -d "client_id=<client_id>" http://localhost:8000/auth/invalidate-refresh-tokens
No need to build your own request as you can also use the provided curl commands or the Swagger interface.