Skip to main content
Version: 13.x (Current)

How to use

Once the Temporary Password Generator is configured, you can start issuing password:

Create a code

To issue a new code, send a POST request to the /create endpoint with the JSON payload to be associated to the code.

The endpoint accepts a JSON body with the following mandatory parameters:

  • scope: (Example: web-app-login) The scope is used to distinguish codes requested by different applications.
  • ttl: (Example: 180) Specifies the Time To Live of the issued code in seconds. The code and the issued JWT will expire ttl seconds after the /create endpoint replies.
  • payload:* A required, empty-allowed, JSON object to be associated with the generated code.

Example Request

curl -X POST "http://127.0.0.1:3000/create" -d "{ \"scope\":\"web-app-login\", \"ttl\":180, \"payload\":{ \"key\":\"value\" } }"

Response

{"code":"10b1dca7-e626-4169-9f0c-8d7e3fdc49e5"}

Verify a code

To verify and consume a code, a GET request may be sent to the /verify endpoint.

The endpoint accepts the following mandatory query parameters:

  • scope: (Example: web-app-login) The scope is used to distinguish codes requested by different applications.
  • code: (Example: 10b1dca7-e626-4169-9f0c-8d7e3fdc49e5) The code to be validated and exchanged with a JWT token.

Example Request

curl -X GET "http://127.0.0.1:3000/verify?scope=web-app-login&code=10b1dca7-e626-4169-9f0c-8d7e3fdc49e5" 

Response

{
"accessToken":"XXXXXX.YYYYYY.ZZZZZ",
"payload":{
"key":"value"
},
"expiresAt":"2021-04-29T16:12:08.704Z"
}

The endpoints reply contains the payload both as plain value and JWT (accessToken). The code and the JWT both expire at the same moment.

Verify the JWT

You can verify the signature of the JWT by mean of the public key exposed on the endpoint /public-key.

Example Request

curl -X GET "http://127.0.0.1:3000/public-key" 

Response

{
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFA..."
}