# Authentication Usage Examples This document provides practical examples of how to use the authentication system in the Ecommerce Backend API. ## Overview The API uses JWT (JSON Web Token) authentication with the following workflow: 1. Register a new user account 2. Login to receive a JWT token 3. Include the token in the `Authorization` header for protected endpoints 4. Token expires after 30 minutes (configurable) ## Python Examples ### Basic Authentication Functions ```python import requests # API Base URL BASE_URL = "http://localhost:8000" def register_user(email, username, password): """Register a new user""" response = requests.post( f"{BASE_URL}/register", json={"email": email, "username": username, "password": password}, ) return response.json() def login_user(username, password): """Login and get JWT token""" response = requests.post( f"{BASE_URL}/login", json={"username": username, "password": password} ) if response.status_code == 200: data = response.json() return data["access_token"] else: print(f"Login failed: {response.json()}") return None def get_user_info(token): """Get current user info""" headers = {"Authorization": f"Bearer {token}"} response = requests.get(f"{BASE_URL}/me", headers=headers) return response.json() ``` ### Using Protected Endpoints ```python def get_products(token, skip=0, limit=10): """Get products (requires authentication)""" headers = {"Authorization": f"Bearer {token}"} response = requests.get( f"{BASE_URL}/products?skip={skip}&limit={limit}", headers=headers ) return response.json() def create_product(token, product_data): """Create a new product (requires authentication)""" headers = {"Authorization": f"Bearer {token}"} response = requests.post(f"{BASE_URL}/products", json=product_data, headers=headers) return response.json() ``` ### Complete Workflow Example ```python # Example usage workflow if __name__ == "__main__": # 1. Register a new user print("1. Registering new user...") try: user_result = register_user("test@example.com", "testuser", "password123") print(f"User registered: {user_result}") except Exception as e: print(f"Registration failed: {e}") # 2. Login with default admin user print("\n2. Logging in as admin...") admin_token = login_user("admin", "admin123") if admin_token: print(f"Admin login successful! Token: {admin_token[:50]}...") # 3. Get user info print("\n3. Getting admin user info...") user_info = get_user_info(admin_token) print(f"User info: {user_info}") # 4. Create a sample product print("\n4. Creating a sample product...") sample_product = { "marketplace_product_id": "TEST001", "title": "Test MarketplaceProduct", "description": "A test product for demonstration", "price": "19.99", "brand": "Test Brand", "availability": "in inventory", } product_result = create_product(admin_token, sample_product) print(f"MarketplaceProduct created: {product_result}") # 5. Get products list print("\n5. Getting products list...") products = get_products(admin_token) print(f"Products: {products}") # 6. Login with regular user print("\n6. Logging in as regular user...") user_token = login_user("testuser", "password123") if user_token: print(f"User login successful! Token: {user_token[:50]}...") # Regular users can also access protected endpoints user_info = get_user_info(user_token) print(f"Regular user info: {user_info}") products = get_products(user_token, limit=5) print( f"Products accessible to regular user: {len(products.get('products', []))} products" ) print("\nAuthentication example completed!") ``` ## cURL Examples ### Register a New User ```bash curl -X POST "http://localhost:8000/register" \ -H "Content-Type: application/json" \ -d '{ "email": "user@example.com", "username": "newuser", "password": "password123" }' ``` **Response:** ```json { "id": 2, "email": "user@example.com", "username": "newuser", "role": "user", "is_active": true, "created_at": "2024-01-15T10:30:00Z" } ``` ### Login (Get JWT Token) ```bash curl -X POST "http://localhost:8000/login" \ -H "Content-Type: application/json" \ -d '{ "username": "admin", "password": "admin123" }' ``` **Response:** ```json { "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "token_type": "bearer", "expires_in": 1800, "user": { "id": 1, "username": "admin", "email": "admin@example.com", "role": "admin", "is_active": true } } ``` ### Use Token for Protected Endpoints #### Get Current User Info ```bash curl -X GET "http://localhost:8000/me" \ -H "Authorization: Bearer YOUR_JWT_TOKEN_HERE" ``` #### Get Products List ```bash curl -X GET "http://localhost:8000/products" \ -H "Authorization: Bearer YOUR_JWT_TOKEN_HERE" ``` #### Create a MarketplaceProduct ```bash curl -X POST "http://localhost:8000/products" \ -H "Authorization: Bearer YOUR_JWT_TOKEN_HERE" \ -H "Content-Type: application/json" \ -d '{ "marketplace_product_id": "TEST001", "title": "Test MarketplaceProduct", "description": "A test product for demonstration", "price": "19.99", "brand": "Test Brand", "availability": "in inventory" }' ``` ## Default Accounts ### Admin Account - **Username**: `admin` - **Password**: `admin123` - **Email**: `admin@example.com` - **Role**: `admin` **Security Note**: Change the admin password immediately in production environments! ## Authentication Headers All protected endpoints require the JWT token in the Authorization header: ``` Authorization: Bearer ``` ## Error Handling ### Common Authentication Errors #### Invalid Credentials (Login) ```json { "detail": "Invalid credentials" } ``` #### Missing or Invalid Token ```json { "detail": "Not authenticated" } ``` #### Expired Token ```json { "detail": "Token has expired" } ``` #### Insufficient Permissions ```json { "detail": "Not enough permissions" } ``` ### Error Handling in Python ```python def safe_api_call(token, endpoint, method="GET", data=None): """Make API call with proper error handling""" headers = {"Authorization": f"Bearer {token}"} try: if method == "GET": response = requests.get(f"{BASE_URL}{endpoint}", headers=headers) elif method == "POST": response = requests.post(f"{BASE_URL}{endpoint}", json=data, headers=headers) if response.status_code == 401: print("Authentication failed - token may be expired") return None elif response.status_code == 403: print("Access denied - insufficient permissions") return None elif response.status_code == 200: return response.json() else: print(f"API call failed: {response.status_code} - {response.text}") return None except requests.exceptions.RequestException as e: print(f"Request failed: {e}") return None ``` ## Best Practices ### Token Management 1. **Store tokens securely** - Don't expose tokens in logs or client-side code 2. **Handle token expiration** - Implement automatic token refresh or re-login 3. **Use HTTPS in production** - Never send tokens over unencrypted connections ### Password Security 1. **Use strong passwords** - Minimum 6 characters (configurable) 2. **Don't hardcode passwords** - Use environment variables or secure configuration 3. **Regular password updates** - Especially for admin accounts ### API Integration 1. **Include error handling** - Always check response status codes 2. **Implement retry logic** - Handle temporary network issues 3. **Rate limiting awareness** - Respect API rate limits ## Testing Authentication You can test the authentication system using the provided Python script or with make commands: ```bash # Run authentication tests make test-auth # Run all tests including authentication make test ``` ## Integration with Frontend ### JavaScript/TypeScript Example ```javascript class APIClient { constructor(baseURL = 'http://localhost:8000') { this.baseURL = baseURL; this.token = localStorage.getItem('jwt_token'); } async login(username, password) { const response = await fetch(`${this.baseURL}/login`, { method: 'POST', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({username, password}) }); if (response.ok) { const data = await response.json(); this.token = data.access_token; localStorage.setItem('jwt_token', this.token); return data; } else { throw new Error('Login failed'); } } async apiCall(endpoint, method = 'GET', data = null) { const headers = { 'Authorization': `Bearer ${this.token}`, 'Content-Type': 'application/json' }; const config = {method, headers}; if (data) config.body = JSON.stringify(data); const response = await fetch(`${this.baseURL}${endpoint}`, config); if (response.status === 401) { // Token expired, redirect to login localStorage.removeItem('jwt_token'); window.location.href = '/login'; return; } return response.json(); } } ``` This authentication system provides secure access control for all API endpoints while maintaining ease of use for developers integrating with the system.