You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3.8 KiB
3.8 KiB
Login
Tujuan
Autentikasi pengguna via LDAP dan mendapatkan JWT Bearer token untuk mengakses API.
Business Rule
- Username dan password divalidasi ke Active Directory (
10.100.1.40) - Hanya user yang terdaftar di group
Domain Admins,Administrators, atauEnterprise Adminsyang mendapatis_admin: true - JWT diterbitkan dengan TTL dari
API_LDAP_JWT_TTL(default: 3600 detik) - Setiap percobaan login (berhasil maupun gagal) dicatat di audit log
- Maksimum 10 percobaan login per menit per IP
URL
POST https://console.gisportal.id/api/v1/auth/login
HTTP Method
POST
Authentication
Tidak diperlukan.
Request Header
Content-Type: application/json
Request Body
{
"username": "john.doe",
"password": "Password123!"
}
Validation
| Field | Aturan |
|---|---|
username |
required, string, max 100 karakter |
password |
required, string, max 255 karakter |
Response Success
HTTP 200
{
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJqb2huLmRvZSIsImlzX2FkbWluIjp0cnVlLCJleHAiOjE3MTk1MDAwMDB9.signature",
"token_type": "Bearer",
"expires_in": 3600,
"auth_type": "ldap_jwt",
"user": {
"username": "john.doe",
"display_name": "John Doe",
"is_admin": true
}
}
}
Response Error
HTTP 401 — Kredensial salah:
{
"error": {
"code": "invalid_credentials",
"message": "Invalid LDAP credentials."
}
}
HTTP 422 — Validasi gagal:
{
"message": "The given data was invalid.",
"errors": {
"username": ["The username field is required."]
}
}
HTTP 429 — Rate limit:
{
"message": "Too Many Attempts."
}
Status Code
| Code | Kondisi |
|---|---|
| 200 | Login berhasil |
| 401 | Kredensial LDAP salah |
| 422 | Validasi request gagal |
| 429 | Rate limit (10x/menit) |
Contoh Request
curl -s -X POST https://console.gisportal.id/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"john.doe","password":"Password123!"}'
Contoh Response
{
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"auth_type": "ldap_jwt",
"user": {
"username": "john.doe",
"display_name": "John Doe",
"is_admin": true
}
}
}
Sequence Flow
sequenceDiagram
Client->>API: POST /auth/login {username, password}
API->>LDAP: bind(username, password)
LDAP-->>API: success / failed
alt Login berhasil
API->>LDAP: lookup user groups
LDAP-->>API: group list
API->>API: issue JWT
API->>AuditLog: log api.v1.auth.login
API-->>Client: 200 {access_token, user}
else Login gagal
API->>AuditLog: log api.v1.auth.login.failed
API-->>Client: 401 invalid_credentials
end
Database yang Diakses
- LDAP (
10.100.1.40) — read only untuk validasi databaselist_audit— write untuk audit log
Audit Log
| Event | Kondisi |
|---|---|
api.v1.auth.login |
Login berhasil |
api.v1.auth.login.failed |
Login gagal |
Rate Limit
10 request / menit per IP. Dikonfigurasi via Laravel throttle middleware throttle:10,1.
Idempotent
Tidak — setiap request login menghasilkan JWT baru.
Retry Policy
- Jika
401: jangan retry otomatis. Minta user input ulang. - Jika
429: tunggu 60 detik. - Jika
500: retry max 2x dengan backoff 2s.
Security
- Password tidak disimpan di geonet-console, divalidasi langsung ke LDAP
- JWT disign dengan
APP_KEYLaravel - Token dikirim hanya via HTTPS
Changelog
| Tanggal | Perubahan |
|---|---|
| 2026-06-23 | Dokumentasi dibuat |