| Line 959: | Line 959: | ||
* POST /account/create (email,srpV,srpSalt) -> ok (server sends verification email) | * POST /account/create (email,srpV,srpSalt) -> ok (server sends verification email) | ||
** creates a user account | ** creates a user account | ||
* POST / | * GET /account/devices [sessionToken] () -> list of devices | ||
* POST | * GET /account/keys [keyFetchToken,needs-verf] () -> kA/wrap(kB) | ||
* | ** single-use, only if email is verified, encrypted results | ||
* POST /session/destroy [ | * POST /account/reset [authed+encrypted by accountResetToken] (wrap(kB),srpV,srpSalt) -> ok | ||
** single-use, does not require email to be verified, revoke all tokens for account, send notification email to user | |||
* POST /account/delete [authToken] () -> ok, account deleted | |||
* POST /auth/start (email) -> srpToken,SRP stuff | |||
* POST /auth/finish (srpToken,SRP stuff,deviceInfo) -> authToken | |||
* POST /session/create [authToken] () -> keyFetchToken, sessionToken | |||
* POST /session/destroy [sessionToken] () -> ok | |||
** for detaching a device, destroy all tokens | ** for detaching a device, destroy all tokens | ||
* POST / | * POST /recovery_email/status [sessionToken] () -> "verified" status of email | ||
** use "Accept: text/event-stream" header for server-sent-events; server will send "update" event with the new content of the resource any time it changes. | ** use "Accept: text/event-stream" header for server-sent-events; server will send "update" event with the new content of the resource any time it changes. | ||
* POST / | * POST /recovery_email/resend_code [sessionToken] () -> re-send verification email | ||
* POST / | * POST /recovery_email/verify_code (code) -> set "verified" flag | ||
** this code will come from a clickable link and is an unauthenticated endpoint | ** this code will come from a clickable link and is an unauthenticated endpoint | ||
** this could maybe take the recovery method if that would be helpful | ** this could maybe take the recovery method if that would be helpful | ||
** sets verified flag on recovery method | ** sets verified flag on recovery method | ||
* | * POST /certificate/sign [sessionToken,needs-verf] (pubkey) -> cert | ||
** | ** only if recovery email is verified | ||
* POST /password/change/start [authToken,needs-verf] () -> accountResetToken, keyFetchToken | |||
* POST /password/change | * POST /password/forgot/send_code () -> forgotPasswordToken | ||
* POST /password/forgot/send_code ( | |||
** sends code to recovery method (email for now, maybe SMS later) | ** sends code to recovery method (email for now, maybe SMS later) | ||
** this is a short code, not a clickable link | ** this is a short code, not a clickable link | ||
* POST /password/forgot/verify_code (forgotPasswordToken, code) -> | * POST /password/forgot/resend_code (forgotPasswordToken) -> re-sends code | ||
* POST /password/forgot/verify_code (forgotPasswordToken, code) -> accountResetToken | |||
** sets verified flag on recovery method | ** sets verified flag on recovery method | ||
* POST /get_random_bytes | * POST /get_random_bytes | ||
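Review bot: In the new column, POST /password/forgot/verify_code (forgotPasswordToken, code) now returns accountResetToken, the code is described as "a short code, not a clickable link", and /account/reset "does not require email to be verified", yet the listing says nothing about an attempt limit or lifetime for the code and forgotPasswordToken. Add a sub-bullet under verify_code and resend_code stating how many tries are allowed, when the token expires, and whether resend_code invalidates the earlier code. Two smaller points in the same column: POST /password/forgot/send_code () has an empty argument list and no token, so it does not say which account the code is sent for (compare /auth/start (email)); and /account/keys becomes a GET while its sub-bullet says "single-use", so a retried or prefetched request would consume the keyFetchToken. Either keep it a POST or document that behaviour.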