Specification

Purpose

This WS allows a registered user to exchange a password for a token.

Request parameters

  • grant_type
  • email
  • password
  • client_id
  • scope

...

Validate grant type

  • Check that $.grant_type is in allowed_grant_types for client_id
    • in case of error return 401, "Client is not allowed to issue login token."
  • Validate grant_type = "password"
    • in case of error return

Validate email

  • Check that a user with email = $.email exists in the DB
    • in case of error return 401, "User not found."
  • Validate that the user's is_block flag = false
    • in case of error return 401, "User blocked."

Validate password

  • Check that $.user's password = $.password
    • in case of error return 401, "Identity, password combination is wrong."

Validate scope

  • Validate that client_id has scope = $.scope
    • in case of error return

Response

  • 201 if an access_token with scope "app:authorize" is created
  • 4XX in any other case
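
The validation sequence above, as an added Python example that is not part of the original specification. The in-memory CLIENTS and USERS tables, the salted PBKDF2 password storage with a constant-time comparison, and the 400 placeholder for the two errors the page leaves unspecified are assumptions.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: passwords are stored as salted PBKDF2 hashes, never in plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _user(password: str, is_block: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "is_block": is_block}

# Constructed sample data standing in for the DB (hypothetical clients and users).
CLIENTS = {
    "web-app": {"allowed_grant_types": {"password"}, "scopes": {"app:authorize"}},
    "batch": {"allowed_grant_types": {"refresh_token"}, "scopes": {"app:authorize"}},
}
USERS = {
    "alice@example.com": _user("correct horse", is_block=False),
    "bob@example.com": _user("battery staple", is_block=True),
}
# Placeholder: the page gives no status or message for these two failures.
UNSPECIFIED = (400, {"error": "<not specified on the page>"})

def err(message: str) -> tuple:
    return 401, {"error": message}

def login(req: dict) -> tuple:
    """Run the spec's checks in order; return (status, body)."""
    client = CLIENTS.get(req.get("client_id"), {})  # unknown client: nothing allowed
    grant = req.get("grant_type")
    if grant not in client.get("allowed_grant_types", ()):
        return err("Client is not allowed to issue login token.")
    if grant != "password":
        return UNSPECIFIED
    user = USERS.get(req.get("email"))
    if user is None:
        return err("User not found.")
    if user["is_block"]:
        return err("User blocked.")
    candidate = _hash(str(req.get("password", "")), user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):  # constant-time compare
        return err("Identity, password combination is wrong.")
    if req.get("scope") not in client["scopes"]:
        return UNSPECIFIED
    return 201, {"access_token": secrets.token_urlsafe(32), "scope": req["scope"]}
```

The error messages are the specification's own. Because "User not found." differs from the wrong-password message, responses reveal whether an email is registered, which a login endpoint normally avoids by returning one message for both cases.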