This module enables custom signup, login and passwordless endpoints to interact with PrestaShop's authentication system from Arengu flows.
Note that this module currently only allows you to manage the accounts of your customers and not your employees'.
- Download the latest release ZIP file.
- Upload it to your admin panel in Modules > Module Manager > Upload a module.
- You can now find Arengu Auth module in the "Other" category.
- Click "Configure" to get your API key.
- Download the latest release ZIP file and extract it inside the
modules
directory of an existing PrestaShop installation. You should end with a file structure where you can locate theps_arengu_auth.php
file precisely inmodules/ps_arengu_auth/ps_arengu_auth.php
. Otherwise, the module will not be detected by PrestaShop. - Go to the admin panel, Modules > Module Manager, and find "Arengu Auth" in the "Other" category.
- Click "Install".
- Click "Configure" to get your API key.
These are all the operations exposed by this module:
The private part of the API is protected by an API key. You can view and manage your API key under your module settings, in the PrestaShop admin panel.
Warning: This API key allows to impersonate any customer in your store, so you must keep it secret and do not share it in publicly accessible areas such as GitHub, client-side code, and so forth.
Authentication to the API is performed via Authorization
header with Bearer
schema:
Authorization: Bearer YOUR_API_KEY
Sign up users with email and password or just with an email (passwordless signup).
POST /module/ps_arengu_auth/signup
Content-Type: application/json
Property | Type | Description |
---|---|---|
firstname (required) | String | The user's first name. |
lastname (required) | String | The user's last name. |
email (required) | String | The user's email. |
password (optional) | String | The user's plain password. If you don't provide a password, a random one will be generated. This is useful if you want to use passwordless flows. |
expires_in (optional) | String | Number of seconds that the JWT will be valid. By default it's 300 (5 minutes). |
redirect_uri (optional) | String | The URL where you want to redirect the user after logging him in when you send him to the JWT verification endpoint. By default it's the user account page. |
> POST /module/ps_arengu_auth/signup
> Content-Type: application/json
{
"firstname": "Jane",
"firstname": "Doe",
"email": "jane.doe@arengu.com",
"password": "foobar"
}
< HTTP/1.1 200 OK
< Content-Type: application/json
{
"user": {
"id": 1,
"email": "jane.doe@arengu.com",
"firstname": "Jane",
"lastname": "Doe",
"birthday": null,
"id_gender": null,
"company": null,
"newsletter": null,
"optin": null,
"default_group": 3,
"groups": [
3
]
},
"token": "...",
"login_url": "..."
}
Log in users with email and password.
POST /module/ps_arengu_auth/login_password
Content-Type: application/json
Property | Type | Description |
---|---|---|
email (required) | String | The user's email you want to sign up. |
password (required) | String | Query selector or DOM element that the form will be appended to. |
expires_in (optional) | String | Number of seconds that the JWT will be valid. By default it's 300 (5 minutes). |
redirect_uri (optional) | String | The URL where you want to redirect the user after logging him in when you send him to the JWT verification endpoint. By default it's the user account page. |
POST /module/ps_arengu_auth/login_password
Content-Type: application/json
{
"email": "jane.doe@arengu.com",
"password": "foobar"
}
< HTTP/1.1 200 OK
< Content-Type: application/json
{
"user": {
"id": 1,
"email": "jane.doe@arengu.com",
"firstname": "Jane",
"lastname": "Doe",
"birthday": null,
"id_gender": null,
"company": null,
"newsletter": null,
"optin": null,
"default_group": 3,
"groups": [
3
]
},
"token": "...",
"login_url": "..."
}
Authenticate users without password.
POST /module/ps_arengu_auth/passwordless_login
Content-Type: application/json
Warning: This endpoint was designed to be invoked once the user identity is verified using, at least, one authentication factor (eg. one-time password via email or SMS, social login, etc).
Property | Type | Description |
---|---|---|
email (required) | String | The user's email you want to authenticate. |
expires_in (optional) | String | Number of seconds that the JWT will be valid. By default it's 300 (5 minutes). |
redirect_uri (optional) | String | The URL where you want to redirect the user after logging him in when you send him to the JWT verification endpoint. By default it's the user account page. |
> POST /module/ps_arengu_auth/passwordless_login
> Content-Type: application/json
{
"email": "jane.doe@arengu.com"
}
< HTTP/1.1 200 OK
< Content-Type: application/json
{
"user": {
"id": 1,
"email": "jane.doe@arengu.com",
"firstname": "Jane",
"lastname": "Doe",
"birthday": null,
"id_gender": null,
"company": null,
"newsletter": null,
"optin": null,
"default_group": 3,
"groups": [
3
]
},
"token": "...",
"login_url": "..."
}
Check if an email exists in your database.
POST /module/ps_arengu_auth/check_email
Content-Type: application/json
Property | Type | Description |
---|---|---|
email (required) | String | The user's email. |
> POST /module/ps_arengu_auth/check_email
> Content-Type: application/json
{
"email": "jane.doe@arengu.com"
}
< HTTP/1.1 200 OK
< Content-Type: application/json
{
"email_exists": true
}
Make a user to be logged in by redirecting him to this URL with a signed JWT that you previously received as a response in a signup or login request.
GET
/module/ps_arengu_auth/login_jwt
Parameter | Type | Description |
---|---|---|
token (required) | String | A signed JSON web token (JWT), containing sub (the user ID), email (the user email) and optionally redirect_uri with the absolute or relative URL the user will be redirected after the login. If the latter is not specified, the user will be redirected to the home page. |