Tutorial #1: Authentication Entry Point

1) Determine Authentication Methods

The entry point for authentication is the route /api/auth/start which will return a list of valid authentication routes which you can use to continue the authentication process.

Your node and port may vary.

JavaScript

cURL

const node = 'iv-cos'
const port = 443
const api_root = `https://${ node }.encipher.sk:${ port }`

fetch( `${ api_root }/api/auth/start/` )
  .then( response => response.json() )
  .then( data => console.log( data ) )

curl https://iv-cos.encipher.sk:443/api/auth/start

/api/auth/start will return a JSON object containing, in part, a property of providers with all the valid authentication providers as its keys. For example:

{
  "ok": true,
  "op": "auth_start",
  "auth_url": "https://iv-cos.encipher.sk/dex/auth?client_id=mfarphor&scope=openid%20federated%3Aid%20email%20profile%20offline_access&response_type=code&state=zed-EFhgIo&code_challenge=39tkrnZPNx-Ab54Tvcdi2_lJuJBasWsO3-hLAdqfH-Y&code_challenge_method=S256",
  "providers": {
    "Dex": "https://iv-cos.encipher.sk/dex/auth?client_id=mfarphor&scope=openid%20federated%3Aid%20email%20profile%20offline_access&response_type=code&state=zed-EFhgIo&code_challenge=39tkrnZPNx-Ab54Tvcdi2_lJuJBasWsO3-hLAdqfH-Y&code_challenge_method=S256",
    "Google": "https://iv-cos.encipher.sk/dex/auth/google?client_id=mfarphor&scope=openid%20federated%3Aid%20email%20profile%20offline_access&response_type=code&state=zed-EFhgIo&code_challenge=39tkrnZPNx-Ab54Tvcdi2_lJuJBasWsO3-hLAdqfH-Y&code_challenge_method=S256",
    "LinkedIn": "https://iv-cos.encipher.sk/dex/auth/linkedin?client_id=mfarphor&scope=openid%20federated%3Aid%20email%20profile%20offline_access&response_type=code&state=zed-EFhgIo&code_challenge=39tkrnZPNx-Ab54Tvcdi2_lJuJBasWsO3-hLAdqfH-Y&code_challenge_method=S256",
    "GitHub": "https://iv-cos.encipher.sk/dex/auth/github?client_id=mfarphor&scope=openid%20federated%3Aid%20email%20profile%20offline_access&response_type=code&state=zed-EFhgIo&code_challenge=39tkrnZPNx-Ab54Tvcdi2_lJuJBasWsO3-hLAdqfH-Y&code_challenge_method=S256",
    "Email": "https://iv-cos.encipher.sk/dex/auth/local?client_id=mfarphor&scope=openid%20federated%3Aid%20email%20profile%20offline_access&response_type=code&state=zed-EFhgIo&code_challenge=39tkrnZPNx-Ab54Tvcdi2_lJuJBasWsO3-hLAdqfH-Y&code_challenge_method=S256"
  }
}

Most authentication routes will require the use of a third-party system; however, the email route may be used for simplicity during the development phase.

For now, log in via the web portal in order to begin a session with InfinityVault. It will automatically provide you with a list of third-party login means.

Save your keys!
Save the zs_hk1 and zs_hk2 cookies from authentication. Don't worry about this if you're using a browser. It will persist these for you in cookies.

2) Establish a ZSession for your current HTTP session

With the zs_hk1 and zs_hk2 cookies, use the /api/zs/conn route in order to establish a ZSession, which is where the encryption takes place on the server back end.

For now, post the route on the API Reference Page by pressing the TRY button. Make sure to use the same web browser as step #1.

A successful response will include the header x-zs containing the ZSession token as well as JSON data in the following format:

{
  "zs": [
    "zs.C4Cskak",
    "TK2aYQ"
  ]
}

Save your token!
This token represents your current InfinityVault ZSession. It is not persisted in browser cookies.

Next steps:

Go back home.
Go to Tutorial #2 to learn how to save and restore records!