# Authorisation Service

The **authorisation** class is used to obtain an **authorisation token**, **login** a user or change a user's **password**.

```javascript
const { Authorisation } = require('n-membership-sdk');
const authorisation = new Authorisation(config);
```

## Table of Contents

* [Config](#config)
	* [authorisationApiClientId](#authorisationApiClientId)
	* [loginApiKey](#loginApiKey)
	* [userCredApiKey](#userCredApiKey)
	* [How to obtain a key](#how-to-obtain-a-key)
* [Public Variables](#public-variables)
* [Methods](#methods)
	* [getToken](#getToken)
	* [login](#login)
	* [changePassword](#changePassword)

## Config

* See common configuration options in the [README file](./README.doc)
* `authorisationApiClientId`
* `loginApiKey`
* `userCredApiKey`

```javascript
const config = new ProductionConfiguration({
	authorisationApiClientId: 'secretId',
	loginApiKey: 'secret',
	userCredApiKey: 'secret'
});
```

### authorisationApiClientId

- This is a `client_id` assigned to individual clients to gain access to the `api-authz-svc`
- When requesting this client_id, provide a description of what it will be used for.

### loginApiKey

- Provides access to the membership **login api**

### userCredApiKey

- Provides access to the membership **user-cred-svc**

### How to obtain a key

```
	#membership-support slack channel for a key for the service i.e. user-cred-svc.
```

Do one of the following:

1. Check in Doppler for your app to see if an authorisation API key already exists.
2. Contact #membership-support slack channel for an authorisation service key.

## Public Variables

| Name                      | Default     |
| ------------------------- | ----------- |
| SESSION_COOKIE_EXPIRY     | 6 months    |
| SESSION_TOKEN_NAME        | FTSession   |
| SECURE_SESSION_TOKEN_NAME | FTSession_s |

## Methods

### getToken

```javascript
const authorisationToken = authorisation.getToken(sessionToken);
```

| Parameters   | Required | Type   | Example           | Description    |
| ------------ | ---------| ------ | ------------------|------------------
| sessionToken | yes      | String | zyoRrJB7YEJC...   | This is the FTSession_s token which can be retrieved from [authorisation.login](#login) |

Response: `authorisationToken`

This is used for:
* [updateProfile](../models/USER.md#updateProfile)

### login

```javascript
const response = authorisation.login(email, password, rememberMe);
```

| Parameters   | Required | Type   | Example            | Description             |
| ------------ | ---------| ------ | ------------------ | ----------------------- |
| email        | yes      | String | email@example.com  | User's email            |
| password     | yes      | String | somepassword       | User's password         |
| rememberMe   | no       | Boolean| false              | Keeps a user logged in. This defaults to **false** |

**Response**: `Array<SessionCookie>`

This is an array of session cookie information to be used as follows (in express, for example):

```js
for (const cookie of response) {
	res.cookie(cookie.key, cookie.token, cookie.options);
}
```

An example of `cookie.options`:

```js
options = {
	path: '/',
	domain: '.ft.com',
	expires: new Date(Date.now() + auth.SESSION_COOKIE_EXPIRY)
};
```

The second element in the array contains the `secureSessionToken` information which can be used for the following:

* [authorisation.getToken](#getToken)
* [graphqlSdk.getUserDetails](GRAPHQL.md#getUserDetails)

### changePassword

- Besides `userId` and `reasonForChange`, which are always required, the other parameters expected for the request are dependant on the `reasonForChange` value given.

```javascript
const passwordChangeSuccessful = authorisation.changePassword(userId, reasonForChange);
const passwordChangeSuccessful = authorisation.changePassword(userId, reasonForChange, newPassword, oldPassword, resetPasswordToken);
```

| Parameters        | Required | Type   | Example         | Description    |
| ----------------- | -------- | -------| ----------------| -------------- |
| userId            | yes      | String | decafbc4-335... | User's id      |
| newPassword       | see desc | String | newPassword     | User's new password. Required depending on reasonForChange, see table below |
| oldPassword       | see desc | String | somepassword    | User's last password. Required depending on reasonForChange, see table below |
| resetPasswordToken| see desc | String | eyJ1c2VySWQ...  | Token or AccessToken. Required depending on reasonForChange, see table below |
| reasonForChange   | yes      | String | reset-password  | The user's reasoning for changing their password |

**Response**: Boolean

#### reasonForChange

Requirements for `newPassword`, `oldPassword` and `resetPasswordToken` depend on the value of `reasonForChange`.
Refer to the table below to find what is required.

| reasonForChange        | Required params |
| ---------------------- | -------- |
| concurrency-detected   | <none> |
| b2b-account-created    | <none> |
| passwordless-signup    | <none> |
| sso-auto-link          | <none> |
| reset-password         | `reasonForChange`, `newPassword`, (`oldPassword` OR `token`) |
| reset-password         | `reasonForChange`, `newPassword`, (`oldPassword` OR `token`) |
| owner-requested        | `reasonForChange`, `newPassword`, (`oldPassword` OR `token`) |

#### Membership api
https://user-cred-svc-eu-prod.memb.ft.com/__api#operation/change-password

## Documentation

| Documentation     | Description | Owner |
| -------------- | -------- | -------- |
| [Secure Login API](https://secure-login-api.memb.ft.com/__api#operation/login) | Documentation for the Secure Login API| FT Core - Membership |
