Authentication with IDme now happens via SessionStore cookie. The epic outlining that work is here
Prior approach, deprecated in favor of SessionStore cookie
Many of the APIs are protected by a session token from ID.me. In order to obtain
this token, one must perform authentication through ID.me. This authentication
flow requires that the ID.me certificates are properly configured within
vets-api
.
The README contains instructions for installing a certificate
that will work for local development. If your setup differs from this, customize
the config/settings.local.yml
file with suitable configuration. For example,
saml:
cert_path: /path/to/cert
key_path: /path/to/key
See config/settings.yml for all of the configuration options.
Note the following two endpoints:
curl localhost:3000/v0/status # does not require a session token
curl localhost:3000/v0/welcome # requires a session token
Start the vets-api
rails server:
bundle exec rails s
- Curl or browse to
http://localhost:3000/sessions/idme/new
- The response takes the form:
{
"url": "https://very.long.url/with/a/bunch/of/crypto/stuff"
}
Copy and paste the URL into your browser.
- Enter ID.me credentials using one of our test accounts. If you do not have access to the vets.gov-team repository, you may optionally create your own account with ID.me.
- Note: Accounts created on the https://api.id.me/ ID.me site are separate from accounts created in the https://api.idmelabs.com sandbox.
- The browser should get redirected to the SAML relay URL of http://localhost:3001/auth/login/callback?token=abcd1234-efgh5678
The browser will display
Page Not Found
, but that's normal.
- Note: If
vets-website
were also running locally on3001
, it would render properly
- Copy the token value and attempt the following curl commands:
curl --header "Authorization: Token token=<TOKEN_VAL>" localhost:3000/v0/welcome
# Expected response:
# {"message":"You are logged in as [email protected]"}
A valid JSON response means you succeeded!