# Authentication

Endpoints for managing authentication and sessions.
## Sign Up

```http
POST /api/auth/sign-up
Content-Type: application/json
```

Request:

```json
{
  "email": "user@example.com",
  "password": "SecurePassword123"
}
```

Response (201):

```json
{
  "user": {
    "id": "user_123",
    "email": "user@example.com",
    "name": null,
    "image": null,
    "emailVerified": false,
    "createdAt": "2024-01-15T10:30:00Z"
  },
  "session": {
    "id": "session_123",
    "token": "eyJhbGc...",
    "expiresAt": "2024-01-22T10:30:00Z"
  }
}
```

cURL example:

```bash
curl -X POST http://localhost:3000/api/auth/sign-up \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePassword123"
  }'
```

## Sign In
```http
POST /api/auth/sign-in
Content-Type: application/json
```

Request:

```json
{
  "email": "user@example.com",
  "password": "SecurePassword123"
}
```

Response (200):

```json
{
  "user": { ... },
  "session": { ... }
}
```

cURL example:

```bash
curl -X POST http://localhost:3000/api/auth/sign-in \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePassword123"
  }'
```

## Sign Out
```http
POST /api/auth/sign-out
Authorization: Bearer TOKEN
```

Response (200):

```json
{
  "success": true
}
```

cURL example:

```bash
curl -X POST http://localhost:3000/api/auth/sign-out \
  -H "Authorization: Bearer YOUR_TOKEN"
```

## Get Session
```http
GET /api/auth/session
Authorization: Bearer TOKEN
```

Response (200):

```json
{
  "user": { ... },
  "session": { ... }
}
```

cURL example:

```bash
curl http://localhost:3000/api/auth/session \
  -H "Authorization: Bearer YOUR_TOKEN"
```

## Send Magic Link
```http
POST /api/auth/send-magic-link
Content-Type: application/json
```

Request:

```json
{
  "email": "user@example.com",
  "redirectUrl": "http://localhost:3000/dashboard"
}
```

Response (200):

```json
{
  "success": true,
  "message": "Magic link sent to email"
}
```

cURL example:

```bash
curl -X POST http://localhost:3000/api/auth/send-magic-link \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "redirectUrl": "http://localhost:3000/dashboard"
  }'
```

## Email Verification
```http
POST /api/auth/verify-email
Content-Type: application/json
```

Request:

```json
{
  "token": "verification_token_from_email"
}
```

Response (200):

```json
{
  "success": true,
  "user": { ... }
}
```

## Two-Factor Authentication
### Enable 2FA

```http
POST /api/auth/two-factor/enable
Authorization: Bearer TOKEN
```

Response (200):

```json
{
  "secret": "JBSWY3DPEBLW64TMMQ======",
  "qrCode": "data:image/png;base64,..."
}
```

Scan the QR code with an authenticator app (Google Authenticator, Authy, etc.).
### Verify the TOTP code

```http
POST /api/auth/two-factor/verify
Authorization: Bearer TOKEN
Content-Type: application/json
```

Request:

```json
{
  "code": "123456"
}
```

Response (200):

```json
{
  "success": true,
  "user": { ... }
}
```

### Sign In with 2FA
```http
POST /api/auth/sign-in
Content-Type: application/json
```

Request:

```json
{
  "email": "user@example.com",
  "password": "SecurePassword123",
  "totpCode": "123456"
}
```

## OAuth
### GitHub

```http
GET /api/auth/oauth/github
```

Redirects to GitHub for authentication.

Callback: `/api/auth/callback/github`

### Google

```http
GET /api/auth/oauth/google
```

Redirects to Google for authentication.

Callback: `/api/auth/callback/google`
## Passkeys

### Register a passkey

```http
POST /api/auth/passkey/register
Authorization: Bearer TOKEN
```

### Sign In with Passkey

```http
POST /api/auth/passkey/sign-in
Content-Type: application/json
```

## Error Responses
### Invalid Credentials

```json
{
  "error": "INVALID_CREDENTIALS",
  "message": "Email or password is incorrect"
}
```

### User Already Exists

```json
{
  "error": "USER_ALREADY_EXISTS",
  "message": "User with this email already exists"
}
```

### Email Not Verified

```json
{
  "error": "EMAIL_NOT_VERIFIED",
  "message": "Please verify your email first"
}
```

### Invalid Token

```json
{
  "error": "INVALID_TOKEN",
  "message": "Token is invalid or expired"
}
```

### TOTP Code Invalid

```json
{
  "error": "INVALID_TOTP",
  "message": "The TOTP code is invalid or expired"
}
```

## Best Practices
- ✅ Never store passwords in plain text
- ✅ Use HTTPS in production
- ✅ Refresh tokens regularly
- ✅ Implement rate limiting
- ✅ Use 2FA for sensitive accounts

See the Authentication System page for more details.