{"info":{"_postman_id":"d1aedcf1-f2ca-4cc9-83fc-fdb7bc997536","name":"Auth server","description":"<html><head></head><body><p>Authentication server with,</p>\n<ul>\n<li>Email password login</li>\n<li>Email magic link login</li>\n<li>OAuth login with providers such as<ul>\n<li>GitHub</li>\n<li>Google</li>\n<li>Twitter (X)</li>\n</ul>\n</li>\n<li>2 Factor authentication<ul>\n<li>TOTP</li>\n<li>PassKeys</li>\n</ul>\n</li>\n</ul>\n<p>With modern day security best practices</p>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"26265282","collectionId":"d1aedcf1-f2ca-4cc9-83fc-fdb7bc997536","publishedId":"2s9YeAAaD4","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2023-11-30T16:05:56.000Z"},"item":[{"name":"2 Factor authentication","item":[{"name":"TOTP","item":[{"name":"Generate","id":"09792fce-a6ef-4849-97a4-cb7d88fafb8c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"url":"http://localhost:8080/auth/otp/generate","description":"<p>Generate a TOTP secret and URL in order to enable two factor authentication</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","otp","generate"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"09792fce-a6ef-4849-97a4-cb7d88fafb8c"},{"name":"Verify","id":"c9ecb516-3442-4c68-a204-540829f7af13","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"code\": \"448310\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/otp/verify","description":"<p>Verify the time based token with the TOTP generated and saved in the 
database</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","otp","verify"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"c9ecb516-3442-4c68-a204-540829f7af13"},{"name":"Reset","id":"14fe3793-9906-4cf1-bbaf-1ae993353e15","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"username\": \"johndoe\",\n    \"password\": \"WgJHQfzjmQOrfShlSZqsKMIEbVjEADjahrHeWqJMdTlQVErBWULmmSJLyZSdwbhA\",\n    \"memonic_phrase\": \"grid about surround slot used robust soon stuff hire brother space harbor title raise hero october dinosaur during drive honey garment mind better rhythm\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/otp/reset","description":"<p>Turn off 2 factor verification upon successful verification of the mnemonic phrase</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","otp","reset"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"14fe3793-9906-4cf1-bbaf-1ae993353e15"},{"name":"Validate TOTP code and Login","id":"530914e1-3efd-446b-ac04-6d7922cf6cd8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"id\": \"8750fc79-7a20-4be1-9af3-a7c5255ff5cc\",\n    \"code\": \"640162\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/otp/validate","urlObject":{"protocol":"http","port":"8080","path":["auth","otp","validate"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"530914e1-3efd-446b-ac04-6d7922cf6cd8"}],"id":"ef79d1d4-acc1-4669-806c-2843eafb491f","description":"<p>Contains requests related to TOTP 2 factor verification method</p>\n","_postman_id":"ef79d1d4-acc1-4669-806c-2843eafb491f"}],"id":"619cc985-8941-4826-957f-fb1687590205","description":"<p>Two factor authentication allows users to secure their account by adding an extra attribute to 
the login flow, even though this makes the login process much more tedious it gives the user an extra layer of protection.</p>\n","_postman_id":"619cc985-8941-4826-957f-fb1687590205"},{"name":"PassKeys","item":[{"name":"GetPassKeys","id":"246a6c78-54bb-44da-8677-6f47a009ce52","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:8080/auth/passkeys/get","description":"<p>Get all the passkeys registered with the given user account</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","passkeys","get"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"246a6c78-54bb-44da-8677-6f47a009ce52"},{"name":"EditPassKeys","id":"2b88b09e-7254-4040-ae48-ca2dc59f7114","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"newName\": \"New PassKey name\",\n    \"passKeyID\": \"xjbVkChupqE2toQHH0kRpq84IKfF8qurg433QQ95dg0\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/passkeys/edit","description":"<p>Edit created passkeys, this allows the user to give a name to the passkey so he/she can identify it much more easily</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","passkeys","edit"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"2b88b09e-7254-4040-ae48-ca2dc59f7114"},{"name":"DeletePassKey","id":"3d990816-34ea-4dc5-98be-2490152ba28a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"passKeyID\": \"ELl7H2htZZR7MQSz1TdJfiLHKlLSlrZKTqI9vpGgZ38\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/passkeys/delete","description":"<p>Gives the user the ability to delete a 
passkey</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","passkeys","delete"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"3d990816-34ea-4dc5-98be-2490152ba28a"}],"id":"e644cb89-48ac-4fed-a208-1c1d1cffa13f","description":"<p>Requests related to creating and managing passkeys</p>\n","_postman_id":"e644cb89-48ac-4fed-a208-1c1d1cffa13f"},{"name":"Admin","item":[{"name":"Delete","item":[{"name":"sessions","id":"5f94b0f1-e39d-48c9-8ab2-c609b2199ae5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:8080/admin/delete/sessions","description":"<p>Delete session tokens that are expired in the database, this route should be run via a cronjob periodically</p>\n","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"WIUIjXSewLqORAFspmVhfQncKYbjCRwXbpFNAzZJsgLUefkKsKbtmLPyXBGxVBmlpcRrMEoc"}]},"isInherited":true,"source":{"_postman_id":"0400e6e7-aebf-4f6e-9e8f-b2f5adae83dd","id":"0400e6e7-aebf-4f6e-9e8f-b2f5adae83dd","name":"Admin","type":"folder"}},"urlObject":{"protocol":"http","port":"8080","path":["admin","delete","sessions"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"5f94b0f1-e39d-48c9-8ab2-c609b2199ae5"}],"id":"980bb98f-09b3-49cb-bf88-bd9707ed7976","description":"<p>Delete and manage various items on the database</p>\n","_postman_id":"980bb98f-09b3-49cb-bf88-bd9707ed7976","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"WIUIjXSewLqORAFspmVhfQncKYbjCRwXbpFNAzZJsgLUefkKsKbtmLPyXBGxVBmlpcRrMEoc"}]},"isInherited":true,"source":{"_postman_id":"0400e6e7-aebf-4f6e-9e8f-b2f5adae83dd","id":"0400e6e7-aebf-4f6e-9e8f-b2f5adae83dd","name":"Admin","type":"folder"}}}],"id":"0400e6e7-aebf-4f6e-9e8f-b2f5adae83dd","description":"<p>Contains admin requests sent to the server to manage various database and server 
resources</p>\n","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"WIUIjXSewLqORAFspmVhfQncKYbjCRwXbpFNAzZJsgLUefkKsKbtmLPyXBGxVBmlpcRrMEoc"}]},"isInherited":false},"event":[{"listen":"prerequest","script":{"id":"fbeff468-c2b6-4c98-9d9e-29f6c9b120e5","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"ab9e7993-3819-4490-812a-c5fceb1a5779","type":"text/javascript","exec":[""]}}],"_postman_id":"0400e6e7-aebf-4f6e-9e8f-b2f5adae83dd"},{"name":"Devices","item":[{"name":"Get logged in devices","id":"3fda5eae-1f95-4b8d-bdbc-4d2a9ffd21b5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:8080/user/devices/list","description":"<p>Get a list of logged in devices</p>\n","urlObject":{"protocol":"http","port":"8080","path":["user","devices","list"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"3fda5eae-1f95-4b8d-bdbc-4d2a9ffd21b5"},{"name":"Remove device","id":"d94dae88-dce2-4043-8b41-0eb417f03b5e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"id\": \"70a3d5ea-851f-11ee-979e-e65a5f146d34\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/user/devices/remove","description":"<p>Logout from a logged in device that you do not recognize</p>\n","urlObject":{"protocol":"http","port":"8080","path":["user","devices","remove"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"d94dae88-dce2-4043-8b41-0eb417f03b5e"}],"id":"71630ffa-be1f-49e2-9420-d5fae6a4d57f","description":"<p>Operations related to user logged in devices</p>\n","_postman_id":"71630ffa-be1f-49e2-9420-d5fae6a4d57f"},{"name":"Re Authenticate","item":[{"name":"Password","id":"c50fdeb7-81d7-47dc-ab91-5441f35e80ff","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"password\": 
\"WgJHQfzjmQOrfShlSZqsKMIEbVjEADjahrHeWqJMdTlQVErBWULmmSJLyZSdwbhA\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/reauthenticate/password","description":"<p>Reauthenticate the user with the email and the password</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","reauthenticate","password"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"c50fdeb7-81d7-47dc-ab91-5441f35e80ff"}],"id":"1a989e94-5701-49ee-9d27-23a58ef98ec4","description":"<p>Different means of reauthentication to confirm certain operations</p>\n","_postman_id":"1a989e94-5701-49ee-9d27-23a58ef98ec4"},{"name":"OAuth","item":[{"name":"GitHub","item":[],"id":"fb5f8995-2a84-4039-bb04-6df7377632c3","description":"<p>OAuth flow operations regarding the GitHub OAuth provider</p>\n","_postman_id":"fb5f8995-2a84-4039-bb04-6df7377632c3"}],"id":"96198d52-95ec-44b4-a312-feac3c364e14","description":"<p>OAuth related authentication with providers such as,</p>\n<ul>\n<li><p>GitHub</p>\n</li>\n<li><p>Google</p>\n</li>\n<li><p>Twitter</p>\n</li>\n</ul>\n","_postman_id":"96198d52-95ec-44b4-a312-feac3c364e14"},{"name":"Check","item":[{"name":"username","id":"a526d995-a03f-4c27-a326-0724abc64d08","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"username\": \"johndoe\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/check/username","urlObject":{"protocol":"http","port":"8080","path":["check","username"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"a526d995-a03f-4c27-a326-0724abc64d08"}],"id":"765b7027-4e6b-4c5b-8278-c4aa40ce877d","description":"<p>Check various unique values defined by the user to ensure that they are unique throughout the 
database</p>\n","_postman_id":"765b7027-4e6b-4c5b-8278-c4aa40ce877d"},{"name":"User","item":[{"name":"Password","item":[{"name":"Status","id":"c892867a-7fdc-4b6e-81dc-bcba54e10ba8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:8080/user/password/status","urlObject":{"protocol":"http","port":"8080","path":["user","password","status"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"c892867a-7fdc-4b6e-81dc-bcba54e10ba8"},{"name":"AddPassword","id":"3f031b90-bd92-447b-8233-a45dfefa9a49","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"password\": \"uYlZfqmGdwYoVloIvbOHeTSfGlLEqZEEcrHxcwrSJcreNpy\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/user/password/add","urlObject":{"protocol":"http","port":"8080","path":["user","password","add"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"3f031b90-bd92-447b-8233-a45dfefa9a49"},{"name":"Change","id":"0b64b7df-1767-4204-81fa-f84b554f36f4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"old_password\": \"uYlZfqmGdwYoVloIvbOHeTSfGlLEqZEEcrHxcwrSJcreNpy\",\n    \"password\": \"WgJHQfzjmQOrfShlSZqsKMIEbVjEADjahrHeWqJMdTlQVErBWULmmSJLyZSdwbhA\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/user/password/change","urlObject":{"protocol":"http","port":"8080","path":["user","password","change"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"0b64b7df-1767-4204-81fa-f84b554f36f4"},{"name":"New 
Request","id":"43fe9b9c-525e-4de9-b1ea-9ee2e66809de","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"urlObject":{"query":[],"variable":[]},"url":""},"response":[],"_postman_id":"43fe9b9c-525e-4de9-b1ea-9ee2e66809de"}],"id":"3221d0ba-a0f8-48db-aad8-8f5537a3e9a2","description":"<p>Requests related to managing passwords of the authenticated user</p>\n","_postman_id":"3221d0ba-a0f8-48db-aad8-8f5537a3e9a2"}],"id":"91fb4102-3bea-4581-a352-6a4320bf5990","description":"<p>Common tasks that only an authenticated user can run</p>\n","_postman_id":"91fb4102-3bea-4581-a352-6a4320bf5990"},{"name":"Register","id":"8f8223c9-ef33-4ce8-835c-b9ce1de1cef2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"John Doe\",\n    \"username\": \"johndoe\",\n    \"email\": \"johndoe@example.com\",\n    \"password\": \"WgJHQfzjmQOrfShlSZqsKMIEbVjEADjahrHeWqJMdTlQVErBWULmmSJLyZSdwbhA\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/register","description":"<p>Register a user with the email and the password</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","register"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"8f8223c9-ef33-4ce8-835c-b9ce1de1cef2"},{"name":"Login","event":[{"listen":"test","script":{"id":"b914377c-7ec0-4fa2-9792-69545500230f","exec":["","pm.test(\"Response status code is 200\", function () {","    pm.expect(pm.response.code).to.equal(200);","});","","","pm.test(\"Verify that the 'status' field is a non-empty string\", function () {","  const responseData = pm.response.json();","  ","  pm.expect(responseData).to.be.an('object');","  pm.expect(responseData.status).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Value should not be empty\");","});","","","pm.test(\"Verify that id field is a non-empty string\", function () {","    const responseData = 
pm.response.json();","    ","    pm.expect(responseData.user.id).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Value should not be empty\");","});","","pm.test(\"Verify that name field is a non-empty string\", function () {","    const responseData = pm.response.json();","    ","    pm.expect(responseData.user.name).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Value should not be empty\");","});",""],"type":"text/javascript"}}],"id":"d95cffdf-83fe-46d7-85f9-cd8e47f7f591","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"username\": \"johndoe\",\n    \"password\": \"WgJHQfzjmQOrfShlSZqsKMIEbVjEADjahrHeWqJMdTlQVErBWULmmSJLyZSdwbhA\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/auth/login","description":"<p>Login the user with the email and the password</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","login"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"d95cffdf-83fe-46d7-85f9-cd8e47f7f591"},{"name":"Logout","event":[{"listen":"test","script":{"id":"938e91c8-856f-42a2-a51e-cc486f0c9426","exec":[""],"type":"text/javascript"}}],"id":"fa508607-eed4-40cd-9dfd-a9e11473d4fa","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"DELETE","header":[],"url":"http://localhost:8080/auth/logout","description":"<p>Logout from the current logged in session</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","logout"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"fa508607-eed4-40cd-9dfd-a9e11473d4fa"},{"name":"Refresh access token","id":"672a6b82-e816-4338-ae6b-414c339fdb41","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"url":"http://localhost:8080/auth/refresh","description":"<p>Refresh the user's access token with the user's refresh 
token</p>\n","urlObject":{"protocol":"http","port":"8080","path":["auth","refresh"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"672a6b82-e816-4338-ae6b-414c339fdb41"}],"variable":[{"key":"ADMIN_SECRET","value":"WIUIjXSewLqORAFspmVhfQncKYbjCRwXbpFNAzZJsgLUefkKsKbtmLPyXBGxVBmlpcRrMEoc"}]}