# JWT Bearer Authentication

## API Methods

The API issues a JWT after a successful login. Every subsequent request carries an `Authorization` header with the value `Bearer {tokenId}`. A successful login response contains the [`AuthResult`](https://developers.portos.sk/data-models#authresult) model in the response body. Treat `tokenId` and `refreshToken` as secrets: whoever holds them can act as the user on that device until the session expires or is terminated.

## Authentication

<mark style="color:green;">`POST`</mark> `http://{server-address}/api/auth`

Authenticates a user with the supplied credentials. The user logs into a specific device, identified by the `DeviceName` property in the request body; on success a JWT is issued.

#### Request Body

| Name                                         | Type   | Description                                            |
| -------------------------------------------- | ------ | ------------------------------------------------------ |
| UserName<mark style="color:red;">\*</mark>   | string | Unique user name.                                      |
| Password                                     | string | User password.                                         |
| DeviceName<mark style="color:red;">\*</mark> | string | The unique name of the device the user is logging into |

{% tabs %}
{% tab title="200: OK Authorization successful" %}

```json
{
    "tokenId": "eyJhbG....GLvNNavSk0A",
    "refreshToken": "pC73A....63GkAAEpwtWA=",
    "user": {
        "id": "635f7ae3072edfeae7c26a1e",
        "isVirtual": false,
        "name": "Majiteľ",
        "userName": "999",
        "featureName": null,
        "rights": [
            "admin"
        ],
        "device": {
            "name": "P01",
            "envName": "CashRegister",
            "description": "P01",
            "preferences": {},
            "settings": {
                "MaxQuantity": "200",
                "OpenedPrices": "false",
                "NoticeOnNegativeSale": "false",
                "VisibleQuantities": "false",
                "DefaultFiscalName": "eKasa",
                "DefaultOrderEndpointName": "",
                "DefaultStockName": "S01"
            }
        }
    }
}
```

{% endtab %}

{% tab title="401: Unauthorized Authorization failed" %}

```json
{
    "title": "Nesprávne meno alebo heslo.",
    "status": 401,
    "instance": "/api/auth",
    "errorCode": "Unauthorized",
    "traceId": "0HMM3ODQRAVOG:00000002"
}
```

{% endtab %}
{% endtabs %}

A failed login returns the problem-details style body shown above; its `title` is a localized message (the sample reads "Incorrect name or password.", which does not say which of the two was wrong) and its `traceId` can be quoted when correlating with server logs. If needed, you can fetch the user profile associated with a `tokenId` using the request below. A successful response contains the [`UserProfileContext`](https://developers.portos.sk/data-models#userprofilecontext) model in the response body.

## Get current user profile

<mark style="color:blue;">`GET`</mark> `http://{server-address}/api/auth`

#### Headers

| Name                                            | Type   | Description                             |
| ----------------------------------------------- | ------ | --------------------------------------- |
| Authorization<mark style="color:red;">\*</mark> | string | JWT token in format `Bearer {tokenId}`. |

{% tabs %}
{% tab title="200: OK Successful response" %}

```json
{
    "id": "635f7ae3072edfeae7c26a1e",
    "isVirtual": false,
    "name": "Majiteľ",
    "userName": "999",
    "featureName": null,
    "rights": [
        "admin"
    ],
    "device": {
        "name": "P01",
        "envName": "CashRegister",
        "description": "P01",
        "preferences": {},
        "settings": {
            "MaxQuantity": "200",
            "OpenedPrices": "false",
            "NoticeOnNegativeSale": "false",
            "VisibleQuantities": "false",
            "DefaultFiscalName": "eKasa",
            "DefaultOrderEndpointName": "",
            "DefaultStockName": "S01"
        }
    }
}
```

{% endtab %}
{% endtabs %}

Each session has an expiration time (configurable in the API settings). To extend the session's lifespan, call the refresh method. A successful response contains the [`RefreshTokenResult`](https://developers.portos.sk/data-models#refreshtokenresult) model in the response body. Note that the refresh request carries both `tokenId` and `refreshToken` in the JSON body rather than in the `Authorization` header, and the response carries the `tokenId` and `refreshToken` to use from then on; replace the stored pair with the returned one.

## Refresh session

<mark style="color:green;">`POST`</mark> `http://{server-address}/api/auth/refresh`

Extends the session lifespan.

#### Request Body

| Name                                           | Type   | Description                                  |
| ---------------------------------------------- | ------ | -------------------------------------------- |
| tokenId<mark style="color:red;">\*</mark>      | string | Token ID obtained during authorization.      |
| refreshToken<mark style="color:red;">\*</mark> | string | Refresh token obtained during authorization. |

{% tabs %}
{% tab title="200: OK " %}

```json
{
    "tokenId": "eyJhbG....GLvNNavSk0A",
    "refreshToken": "pC73A....63GkAAEpwtWA="
}
```

{% endtab %}
{% endtabs %}

To sign out and terminate the user session, send a DELETE request with the session's bearer token.

## Terminate session

<mark style="color:red;">`DELETE`</mark> `http://{server-address}/api/auth`

Logs the user out.

#### Headers

| Name                                            | Type   | Description                             |
| ----------------------------------------------- | ------ | --------------------------------------- |
| Authorization<mark style="color:red;">\*</mark> | string | JWT token in format `Bearer {tokenId}`. |

{% tabs %}
{% tab title="200: OK Always returns OK with empty body." %}

The response body is empty.

{% endtab %}
{% endtabs %}
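The whole lifecycle documented above (login, authenticated `GET`, refresh, `DELETE`) as one added example client. This is written for this page and is not Portos code. Beyond what the page shows it assumes that the `tokenId` is a standard JWT whose payload carries an `exp` claim in Unix seconds, and it talks to a constructed fake transport (`make_fake_transport`, with made-up credentials `999`/`pw`, device `P01`, and a made-up 401 body for a failed refresh) so that it runs offline; against a real `{server-address}` you would inject an HTTPS client as `send`. The `jwt_exp` helper decodes the payload without verifying the signature: the client never trusts the token's contents for authorization, it only uses `exp` to schedule the refresh.

```python
"""Session lifecycle client for the endpoints on this page: login, bearer GET, refresh, DELETE.
Added example, not Portos code. Assumptions beyond the page: the tokenId is a standard JWT whose
payload carries an `exp` claim (Unix seconds), and the transport is injected so the flow runs
offline against the constructed fake server at the bottom."""
import base64
import json
import time
from typing import Callable, Dict, Optional, Tuple

Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Tuple[int, dict]]  # (method, path, headers, body) -> (status, body)


def jwt_exp(token_id: str) -> Optional[int]:
    # Reads `exp` from the payload WITHOUT verifying the signature (assumed claim): only the API can
    # verify the token; the client uses exp solely to refresh before the session lapses.
    parts = token_id.split(".")
    if len(parts) != 3:
        return None
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # binascii.Error, UnicodeDecodeError and JSONDecodeError all derive from it
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    return int(exp) if isinstance(exp, (int, float)) else None


class PortosSession:
    def __init__(self, send: Transport, refresh_margin: int = 60):
        self._send, self._margin = send, refresh_margin
        self.token_id = self.refresh_token = None  # both Optional[str]

    def login(self, user_name: str, password: str, device_name: str) -> dict:
        status, body = self._send("POST", "/api/auth", {},
                                  {"UserName": user_name, "Password": password, "DeviceName": device_name})
        if status != 200:  # surface errorCode/traceId for log correlation; never include the password
            raise PermissionError(f"{status} {body.get('errorCode')} traceId={body.get('traceId')}")
        self.token_id, self.refresh_token = body["tokenId"], body["refreshToken"]
        return body["user"]

    def _auth_header(self) -> Dict[str, str]:
        if self.token_id is None:
            raise RuntimeError("not logged in")
        return {"Authorization": f"Bearer {self.token_id}"}

    def needs_refresh(self, now: Optional[float] = None) -> bool:
        exp = jwt_exp(self.token_id or "")
        return exp is not None and (time.time() if now is None else now) >= exp - self._margin

    def refresh(self) -> None:
        # Both tokens travel in the JSON body, not in the Authorization header.
        status, body = self._send("POST", "/api/auth/refresh", {},
                                  {"tokenId": self.token_id, "refreshToken": self.refresh_token})
        if status != 200:
            raise PermissionError(f"refresh failed: {status}")
        self.token_id, self.refresh_token = body["tokenId"], body["refreshToken"]  # keep only the new pair

    def profile(self) -> dict:
        if self.needs_refresh():
            self.refresh()
        status, body = self._send("GET", "/api/auth", self._auth_header(), None)
        if status != 200:
            raise PermissionError(f"profile failed: {status}")
        return body

    def logout(self) -> None:
        self._send("DELETE", "/api/auth", self._auth_header(), None)
        self.token_id = self.refresh_token = None  # drop the secrets client-side as well


# ---- constructed fake of the documented endpoints (test double, not the real server) ----
def _fake_jwt(exp: int, jti: int) -> str:
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc({'sub': '999', 'jti': jti, 'exp': exp})}.unverified"


def make_fake_transport(now: int, ttl: int = 30) -> Transport:
    # Accepts UserName 999 / Password pw / DeviceName P01; issued tokens expire `ttl` seconds after `now`.
    live = {"token": None, "refresh": None, "n": 0}

    def issue() -> dict:
        live["n"] += 1
        live["token"], live["refresh"] = _fake_jwt(now + ttl, live["n"]), f"refresh-{live['n']}"
        return {"tokenId": live["token"], "refreshToken": live["refresh"]}

    def send(method: str, path: str, headers: Dict[str, str], body: Optional[dict]) -> Tuple[int, dict]:
        if (method, path) == ("POST", "/api/auth"):
            if body == {"UserName": "999", "Password": "pw", "DeviceName": "P01"}:
                return 200, {**issue(), "user": {"userName": "999", "rights": ["admin"], "device": {"name": "P01"}}}
            return 401, {"title": "Nesprávne meno alebo heslo.", "status": 401, "instance": path,
                         "errorCode": "Unauthorized", "traceId": "0HMM3ODQRAVOG:00000002"}
        if (method, path) == ("POST", "/api/auth/refresh"):
            if live["token"] and body == {"tokenId": live["token"], "refreshToken": live["refresh"]}:
                return 200, issue()
            return 401, {"errorCode": "Unauthorized"}  # assumed failure shape; the page does not document it
        if live["token"] is None or headers.get("Authorization") != f"Bearer {live['token']}":
            return 401, {"errorCode": "Unauthorized"}
        if (method, path) == ("GET", "/api/auth"):
            return 200, {"userName": "999", "rights": ["admin"], "device": {"name": "P01"}}
        if (method, path) == ("DELETE", "/api/auth"):
            live["token"] = live["refresh"] = None
            return 200, {}
        return 404, {}

    return send
```

Note what the client deliberately does not do: it never logs the password or the tokens, it reports only `errorCode` and `traceId` on a failed login, it replaces both stored tokens after a refresh, and it forgets them on logout.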
