35 lines
1.5 KiB
Markdown
35 lines
1.5 KiB
Markdown
# PassKey Auth API Documentation
|
|
|
|
This document describes all API endpoints available in the PassKey Auth FastAPI application.
|
|
|
|
## Base URL
|
|
- **Development**: `http://localhost:4401`
|
|
- All endpoints are prefixed with `/auth/`
|
|
|
|
### HTTP Endpoints
|
|
GET /auth/ - Main authentication app
|
|
GET /auth/api/forward - Authentication validation for Caddy/Nginx (was /auth/forward-auth)
|
|
- On success returns `204 No Content` with the following headers:
|
|
- `Remote-User`: authenticated user UUID
|
|
- `Remote-Name`: display name
|
|
- `Remote-Groups`: comma-separated permission IDs (no spaces)
|
|
- `Remote-Org`: organization UUID
|
|
- `Remote-Org-Name`: organization display name
|
|
- `Remote-Role`: role UUID
|
|
- `Remote-Role-Name`: role display name
|
|
- `Remote-Session-Expires`: session expiry timestamp (ISO 8601)
|
|
- `Remote-Session-Type` (optional): session type metadata when available
|
|
- `Remote-Credential` (optional): credential UUID backing the session
|
|
POST /auth/validate - Token validation endpoint
|
|
POST /auth/user-info - Get authenticated user information
|
|
POST /auth/logout - Logout current user
|
|
POST /auth/set-session - Set session cookie from Authorization header
|
|
DELETE /auth/credential/{uuid} - Delete specific credential
|
|
POST /auth/create-link - Create device addition link
|
|
GET /auth/{reset_token} - Process reset token and redirect
|
|
|
|
### WebSocket Endpoints
|
|
WS /auth/ws/register - Register new user with passkey
|
|
WS /auth/ws/add_credential - Add new credential for existing user
|
|
WS /auth/ws/authenticate - Authenticate user with passkey
|