Feature/change auth endpoint from get to post (#1823)

* Change auth endpoint from GET to POST * Login with security token * Login with Internet Identity * Update changelog
2023-04-05 18:10:29 +02:00 · 2023-04-05 18:10:29 +02:00 · b74a042da8
commit b74a042da8
parent d55c052f57
4 changed files with 14 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ### Changed

+- Changed the `auth` endpoint of the login with _Security Token_ from `GET` to `POST`
+- Changed the `auth` endpoint of the _Internet Identity_ login provider from `GET` to `POST`
 - Improved the content of the Frequently Asked Questions (FAQ) page
 - Improved the content of the pricing page

--- a/apps/api/src/app/auth/auth.controller.ts
+++ b/apps/api/src/app/auth/auth.controller.ts
@ -7,7 +7,6 @@ import {
  Controller,
  Get,
  HttpException,
-  Param,
  Post,
  Req,
  Res,
@ -33,13 +32,13 @@ export class AuthController {
    private readonly webAuthService: WebAuthService
  ) {}

-  @Get('anonymous/:accessToken')
+  @Post('anonymous')
  public async accessTokenLogin(
-    @Param('accessToken') accessToken: string
+    @Body() body: { accessToken: string }
  ): Promise<OAuthResponse> {
    try {
      const authToken = await this.authService.validateAnonymousLogin(
-        accessToken
+        body.accessToken
      );
      return { authToken };
    } catch {
@ -81,13 +80,13 @@ export class AuthController {
    }
  }

-  @Get('internet-identity/:principalId')
+  @Post('internet-identity')
  public async internetIdentityLogin(
-    @Param('principalId') principalId: string
+    @Body() body: { principalId: string }
  ): Promise<OAuthResponse> {
    try {
      const authToken = await this.authService.validateInternetIdentityLogin(
-        principalId
+        body.principalId
      );
      return { authToken };
    } catch {
--- a/apps/client/src/app/services/data.service.ts
+++ b/apps/client/src/app/services/data.service.ts
@ -388,9 +388,9 @@ export class DataService {
  }

  public loginAnonymous(accessToken: string) {
-    return this.http.get<OAuthResponse>(
-      `/api/v1/auth/anonymous/${accessToken}`
-    );
+    return this.http.post<OAuthResponse>(`/api/v1/auth/anonymous`, {
+      accessToken
+    });
  }

  public postAccess(aAccess: CreateAccessDto) {
--- a/apps/client/src/app/services/internet-identity.service.ts
+++ b/apps/client/src/app/services/internet-identity.service.ts
@ -30,9 +30,9 @@ export class InternetIdentityService implements OnDestroy {
          const principalId = authClient.getIdentity().getPrincipal();

          this.http
-            .get<OAuthResponse>(
-              `/api/v1/auth/internet-identity/${principalId.toText()}`
-            )
+            .post<OAuthResponse>(`/api/v1/auth/internet-identity`, {
+              principalId: principalId.toText()
+            })
            .pipe(
              catchError(() => {
                reject();