Introduction
Welcome, developers! In this guide, we will delve into the technical depths of one of Empress’s key features: User Authentication. This feature is integral to managing user access, ensuring system security, and customizing business solutions.
Understanding User Authentication
User Authentication in Empress revolves around two key API endpoints: /api/method/login
and /api/method/logout
. There’s also a utility method to get the currently authenticated user’s ID: /api/method/frappe.auth.get_logged_user
.
These endpoints form the backbone of user access management. They handle secure user login, logout, and session management, ensuring the security and integrity of the system.
User Login
The login endpoint is a POST request that accepts username and password parameters in the request body. It returns a session ID (sid) cookie, which is used to authenticate future requests. An example request looks like the following:
curl -X POST https://{your frappe instance}/api/method/login \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"usr":"Administrator","pwd":"admin"}'
On successful authentication, the server responds with HTTP code 200 and a JSON response including user-related information. The server also sets a sid
cookie in the response headers.
User Logout
The logout endpoint is a GET request that does not require any parameters. It invalidates the current user session and logs the user out. Here’s an example:
curl -X GET https://{your frappe instance}/api/method/logout
On successful logout, the server responds with HTTP code 200 and an empty JSON response.
Getting the Logged User
The frappe.auth.get_logged_user
endpoint is a GET request that returns the ID of the currently authenticated user. Here’s how you would use it:
curl -X GET https://{your frappe instance}/api/method/frappe.auth.get_logged_user
Error Handling
If the login process encounters an error, such as a wrong password or username, the server responds with HTTP code 401 and a relevant error message.
The Importance of User Authentication
User Authentication is vital for protecting sensitive data and ensuring system integrity. It allows developers to control access to different parts of the system, customize user experiences, and maintain high levels of security.
Empress’s User Authentication feature, with its clear API endpoints and robust functionality, greatly simplifies the process of integrating user access management into your software development and customization efforts. It forms a crucial part of the Empress feature set, contributing significantly to the development of secure, customizable business solutions.