>= V0.7
Starting with v0.7, Giles has a two-part authentication mechanism. First, it requires applications to send an OpenId token (supplied by Google) to authenticate a user. Giles then generates a shorter-lived authentication token specifically for Giles, which is used to access Giles' REST Api. In addition, before an application can authenticate users via an OpenId token, it needs to be registered with Giles.
To register an application with Giles, go to Giles' system config page and add the client id (not the secret!) that your OpenId provider (currently Google) generated for your application to the list of registered client ids. If you try to authenticate a user with an OpenId token of an unregistered application, Giles will respond with:
{ "errorCode" : "401", "errorMsg" : "AUDIENCE_MISMATCH" }
Retrieve Giles authentication token
POST
An application can retrieve a new Giles authentication token by making a POST request to the following url:
/rest/token
Giles expects the OpenId token in the Authorization header of the POST request, prefixed with "token":
Authorization: token yourOpenIDToken
If successful, we will get the following response:
{ "authentication" : "success", "token" : "gilesAuthorizationToken" }
An invalid or missing token will result in the following response:
{ "errorCode" : "401", "errorMsg" : "Missing or invalid token." }
With the returned Giles authentication token, you can now use Giles' REST Api.
Expired Giles Tokens
When sending an expired Giles token, the following response is returned:
{ "errorCode" : "600", "errorMsg" : "The sent token is expired." }
If that happens, the application sending the request has to retrieve a new Giles authentication token as described above.
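The token exchange and the expired-token renewal described above, as an added client-side example (not code from the Giles project). GilesSession, GilesAuthError, http_post_token and the request_fn callback are hypothetical names; how the Giles token is attached to other REST calls is not covered on this page, so that part is left to the caller's request_fn.

```python
import json
import urllib.error
import urllib.request


class GilesAuthError(Exception):
    """Giles rejected the OpenID token; retrying with the same token will not help."""


def http_post_token(base_url, openid_token):
    """POST /rest/token with the OpenID token; returns the parsed JSON body."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/rest/token", data=b"", method="POST",
        headers={"Authorization": "token " + openid_token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        # Assumption: error responses carry the JSON bodies shown on this page.
        return json.load(err)


class GilesSession:
    def __init__(self, base_url, get_openid_token, post_token=http_post_token):
        self.base_url = base_url
        self.get_openid_token = get_openid_token  # callable returning a fresh OpenID token
        self.post_token = post_token              # injectable so the class can be tested offline
        self._giles_token = None

    def token(self, force_new=False):
        """Return the cached Giles token, exchanging an OpenID token if needed."""
        if self._giles_token is None or force_new:
            self._giles_token = None
            body = self.post_token(self.base_url, self.get_openid_token())
            if body.get("authentication") != "success" or not body.get("token"):
                # AUDIENCE_MISMATCH: client id is not registered in Giles' system config.
                # "Missing or invalid token.": the OpenID token itself was rejected.
                raise GilesAuthError(body.get("errorMsg", "unexpected response"))
            self._giles_token = body["token"]
        return self._giles_token

    def call(self, request_fn):
        """Run request_fn(giles_token) -> parsed JSON; renew the token once on errorCode 600."""
        body = request_fn(self.token())
        if isinstance(body, dict) and str(body.get("errorCode")) == "600":
            body = request_fn(self.token(force_new=True))
        return body
```

The renewal is attempted only once per call, so a server that keeps answering with error code 600 cannot put the client into a request loop.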