Re: /login Changes


Jordan Evans
 

Hi Mark,

On Tue, Jun 16, 2020 at 12:33 PM Mark Fletcher <markf@corp.groups.io> wrote:

Hi Jordan,

On Mon, Jun 15, 2020 at 5:13 PM Jordan Evans <jevans@...> wrote:


I noticed that the domain parameter for the login endpoint was removed
(https://groups.io/api#login). I don't recall when that happened, but
it seemed the parameter worked until fairly recently. I have a couple
of related questions:
It was removed on May 26th as part of a fix for a bug preventing the in-development app from logging in on domains other than groups.io



1. Are we expected to auth against the actual domain now? (for
example, https://lists.onap.org/api/v1/login instead of
https://groups.io/api/v1/login?domain=lists.onap.org&...) We
previously used the domain parameter to determine if
an enterprise setup was already deployed for a given domain.
2. Does the token parameter for login currently work? It seems I still
get a cookie and the response appears unchanged.
It should all work as before except you need to log in using the domain in the URL instead of as a parameter. Nothing else changed. The token parameter should work; if it doesn't please let me know the URL you're using to log in and I'll investigate.
Yep, I missed the token response in the bottom of the JSON response.


In terms of trying to determine if a group is set up or not, I would think that the login call wouldn't resolve since the DNS setup wouldn't be complete yet. Could you use that as an indicator?
My reluctance with that is that we don't want to send groups.io
credentials/tokens to a potential third-party. From testing, it
appears if I make the call to https://groups.io/api/v1/login with a
modified Host header, it works as expected, and I don't worry about
sending credentials to other parties.

Join api@beta.groups.io to automatically receive all group messages.