I’m working on my openapi documentation and trying to test the Auth method but can’t seem to figure out what it maps to, it doesn’t work with GET or POST requests, (I’ve only been using websocket to this point)
what am I missing? Is there a postman example I can use?
Hi again!
What you are looking for is the headerAuth configuration:
https://resgate.io/docs/get-started/configuration/#security-configuration
resgate --headauth=authservice.jwtauth
I realize this feature is poorly documented. But what it does is that, when Resgate receives a HTTP request (GET/POST), it will first send an auth request to that resource:
auth.authservice.jwtauth
After Resgate receives the response to the auth request, it will send the get/call request, using any access token it recieved.
It would in a websequence diagram look like this:
Hope that explains it 
Best regards,
Samuel
I’m not sure if that’s what I’m referring too, but the information is very helpful, Thank you.
I’ll rephrase, please let me know if the answer is the same.
we get information on the frontend with the resgate client, like:
client.get('connection.search?key=connection_entity_ids&value=123&key=owner_entity_id&value=567')
client.call('group.identity', 'create', {name: "some group name"})
client.authenticate("auth.totp", "validate", { code: "123456" }).then(resp)
client.authenticate('auth.user', 'login', {
username: formState.values.username,
password: formState.values.password,
})
.then((resp))
the .get uses GET requests and .call uses POST but I’m not sure how to access .authenticate using restful requests. I have multiple methods, calling different services using .authenticate I don’t know how to access them using Rest.
e.g. when I try to send a POST request to /api/auth/user/login with the username and password I get a service not found error
I am sorry for the long delay.
It has been the last deadline weeks of the projekt I’ve been working on. But now it is finished! .
So I can once again fully concentrate on Resgate again 
True that auth is not mapped to any HTTP method (like get -> GET and call -> CALL).
And because Resgate does not allow you to set cookies (yet! This is something I plan to prioritize as I am also in need of that capability), the only way to get a logged in session is by creating an ordinary non-Resgate HTTP login where the cookie is set.
The set cookie can then be used for authentication with the headerAuth setting.
Modifying the previous websequence diagram:
The difference is that I added the login call at the top, a HTTP request which goes directly to authservice.
To avoid having two ways of logging in (both the auth.authservice.login RES request handler for WebSockets, and the /login HTTP request handler for HTTP), I’ve found it easier to just use HTTP to login, and then have a auth.authservice.jwt header authentication handler used both for WebSocket and HTTP requests to Resgate.
But as said, I wish to make it possible to do this purely using Resgate.
Best regards,
Samuel
