Auth Bootstrap And Token

Auth Bootstrap And Token

Purpose: acquire account-scoped Bearer tokens before calling authenticated jsonlog routes.

Boundary note:

• This flow calls auth.jsonlog.com endpoints.
• Those routes are not part of jsonlog OpenAPI.

Preconditions

• JsonLog service is reachable (for local usage, default http://localhost:3002).
• Auth environment is configured for your origin and client.
• node, curl, and jq are available if using bootstrap scripts.

UI Flow

1. User signs in through the auth client configured for jsonlog.
2. Client receives an access token with account claim (acc).
3. Client sends Authorization: Bearer <token> for protected jsonlog routes.

API/Script Flow

Use the bootstrap helper to provision test identities and emit an account token manifest.

cd jsonlog
set -a && source .env && set +a
TEST_EMAIL_DOMAIN="example.com" npm run auth:bootstrap

Extract the generated account_access_token from the manifest output for /query calls.

HTTP/curl Flow

AUTH_BASE_URL="https://auth.jsonlog.com"
JSONLOG_BASE_URL="http://localhost:3002"
ACCESS_TOKEN="<account_scoped_token>"

curl -sS "${AUTH_BASE_URL}/.well-known/jwks.json?client_id=cid_jsonlog"

curl -sS -X POST "${JSONLOG_BASE_URL}/query" \
  -H "authorization: Bearer ${ACCESS_TOKEN}" \
  -H "content-type: application/json" \
  --data '{"start_ts": 1700000000000, "end_ts": 1700000600000}'

Validation

• Missing/invalid token on /query returns 401.
• Valid token with account claim returns 200 and a query response envelope.

Related Docs

• Authentication
• Query
• ProblemDetails