ApplicationExperience

Authenticate Experience User Node

The Authenticate Experience User Node allows a workflow to authenticate an email and password against Experience Users in the application. It can also optionally generate a token that can subsequently be used for authorized requests against Experience Endpoints.

Authenticate Experience User Node

Node Properties

The Authenticate Experience User Node has three sections:

Credentials

Authenticate Experience User Node Config

The Authenticate Experience User Nodes allows you to choose from four combinations of credentials to check. All fields are templatable.

Email and Password

The given email is used to find an existing Experience User in the application, at which point (if one is found), the given password is then hashed and checked against the stored password hash for the found Experience User.

If the password hash matches, this is a successful authentication, and the true (or right) path out of the node is taken. If no user is found or the password does not match, the false (or left) path out of the node is taken.

Token

The given token is used to find and authenticate an Experience User in the application.

If a user is found, and the token is still valid, this is a successful authentication, and the true (or right) path out of the node is taken. If the token is not valid, then the false (or left) path out of the node is taken.

Token and Email

The given token is used to find and authenticate an Experience User in the application.

If a user is found and the token is valid, the given email will be used to find an existing Experience user and ensure that it matches the user found from the token.

If the token is valid and matches the user from the given email, this is a successful authentication, and the true (or right) path out of the node is taken. If the token is invalid or does not match the given email, then the false (or left) path out of the node is taken.

Token, Email, and Password

The given token is used to find and authenticate an Experience User in the application.

If a user is found, then the given email will be used to find an existing Experience User and ensure it matches the user found from the token.

If the users are the same, then the given password will be hashed and checked against the stored password hash for the found Experience User.

If the token is valid, matches the user from the given email, and the password matches, this is a successful authentication and the true (or right) path out of the node is taken. If the token is invalid, does not match the email, or the passwords don’t match, then the false (or left) path out of the node is taken.

Invalidate Tokens

You can select “If authentication succeeds, invalidate any previous tokens.”

This checkbox will expire any tokens that have been previously created. It will expire the given token, even if it is valid.

With this option enabled, if using a Token authentication (Token, Email, and Password, Token and Email, or Token) and a “Token Result Path” is given, a new token is generated.

User Result

The User Result Path is a payload path field, and if a path is provided, the successfully authenticated user will be placed on the payload.

Authenticate Experience User Node Output

Token Generation

You can generate an authentication token to be stored on the specified payload path. This token can be used to authorize subsequent Experience Endpoints requests.

Experience User Token Generation

Token Result Path

The “Token Result Path” is a payload path field.

When you use any of token authentication methods (Token, Email, and Password, Token and Email, or Token), you will always get the same token except:

When using the “Email and Password”, you’ll always get new token.

Extra Data Template

The “Extra Data Template” is a JSON template field which allows you to add extra data to the token if it is being regenerated.

Extra Data will be carried over to the next token if:

  • No extra data is given.
  • The previous token had extra data.
  • The token is being regenerated.

This extra data is placed on the payload of an Endpoint Trigger.

Max Age Template

If a token is being regenerated and you provide a “Token Result Path,” you may set the Max Age of the token. This number is the number of milliseconds until the generated token expires.

This value is expected to resolve be a positive number. If no number is provided, the generated token will have no expiration date.

Node Example

Here’s an example output from running the above workflow…

{
...
"data": {
  "responseToken": "*****REDACTED*****",
  "responseUser": {
    "experienceGroups": [
      {
        "parentId": null,
        "name": "Big Group",
        "id": "5cf56461de4c7000076dd645"
      }
    ],
    "id": "5cf577d26c7afe000648d1eb",
    "avatarUrl": "img.png",
    "experienceUserId": "5cf577d26c7afe000648d1eb",
    "lastLogin": "2019-06-03T19:45:09.982Z",
    "passwordLastUpdated": "*****REDACTED*****",
    "lastUpdated": "2019-06-03T19:45:09.984Z",
    "creationDate": "2019-06-03T19:41:06.027Z",
    "applicationId": "5cf1390866134300069de818",
    "lastName": "Tnasol",
    "firstName": "Peter",
    "email": "peter@losant.com",
    "userTags": {
      "Role": "Yes"
    }
  },
  "body": {
    "password": "*****REDACTED*****",
    "email": "peter@losant.com"
  },
  ...
}