ApplicationExperience

Authenticate Experience User Node

The Authenticate Experience User Node allows a workflow to authenticate an email and password against Experience Users in the application. It can also optionally generate a token that can subsequently be used for authorized requests against Experience Endpoints.

Authenticate Experience User Node

Node Properties

The Authenticate Experience User Node has two sections. First, a required section for configuring the credentials to check against existing Experience Users, and then second an optional section about what to do with the result of a successful authentication.

Credentials

Authenticate Experience User Node Config

The Authenticate Experience User Nodes allows you to choose from four combinations of credentials to check…
All fields are templatable.

  • Email and Password (Default): The given email is used to find an existing Experience User in the application, at which point (if one is found), the given password is then hashed and checked against the stored password hash for the found Experience User.

    If the password hash matches, this is a successful authentication, and the true (or right) path out of the node is taken. If no user is found or the password does not match, the false (or left) path out of the node is taken.

  • Token: The given token is used to find and authenticate an Experience User in the application.

    If a user is found, and the token is still valid, this is a successful authentication, and the true (or right) path out of the node is taken. If the token is not valid, then the false (or left) path out of the node is taken.

  • Token and Email: The given token is used to find and authenticate an Experience User in the application. If a user is found and the token is valid, the given email will be used to find an existing Experience user and ensure that it matches the user found from the token.

    If the token is valid and matches the user from the given email, this is a successful authentication, and the true (or right) path out of the node is taken. If the token is invalid or does not match the given email, then the false (or left) path out of the node is taken.

  • Token, Email, and Password: The given token is used to find and authenticate an Experience User in the application. If a user is found, then the given email will be used to find an existing Experience User and ensure it matches the user found from the token. If the users are the same, then the given password will be hashed and checked against the stored password hash for the found Experience User.

    If the token is valid, matches the user from the given email, and the password matches, this is a successful authentication and the true (or right) path out of the node is taken. If the token is invalid, does not match the email, or the passwords don’t match, then the false (or left) path out of the node is taken.

Result

Authenticate Experience User Node Output

If authentication is successful, the result configuration section comes into play. The “User Result Path” is a payload path field, and if a path is provided, the successfully authenticated user will be placed at that spot on the payload.

The “Token Result Path” is another payload path field, and if a path is provided, an authorization token will be generated and placed at that path (which can be used to authorize subsequent Experience Endpoints requests).

The “Max Age Template” only matters if a “Token Result Path” is provided (and a token is being generated). It is a templatable field which is expected to resolve to a positive number. This number will be treated as the number of milliseconds until the generated token expires. If no number is provided, the generated token will have no expiration date.

Node Example

Here’s an example output from running the above workflow…

{
...
"data": {
  "responseToken": "*****REDACTED*****",
  "responseUser": {
    "experienceGroups": [
      {
        "parentId": null,
        "name": "Big Group",
        "id": "5cf56461de4c7000076dd645"
      }
    ],
    "id": "5cf577d26c7afe000648d1eb",
    "avatarUrl": "img.png",
    "experienceUserId": "5cf577d26c7afe000648d1eb",
    "lastLogin": "2019-06-03T19:45:09.982Z",
    "passwordLastUpdated": "*****REDACTED*****",
    "lastUpdated": "2019-06-03T19:45:09.984Z",
    "creationDate": "2019-06-03T19:41:06.027Z",
    "applicationId": "5cf1390866134300069de818",
    "lastName": "Tnasol",
    "firstName": "Peter",
    "email": "peter@losant.com",
    "userTags": {
      "Role": "Yes"
    }
  },
  "body": {
    "password": "*****REDACTED*****",
    "email": "peter@losant.com"
  },
  ...
}

Node Errors

This node will never place an error on the workflow payload. In the case of a failed authentication, the “User Result Path” and “Token Result Path” on the payload will just not be set.