Oasis Liquido’s authentication endpoints handle the full identity lifecycle: account creation, credential verification, token renewal, and session termination. All tokens are JWTs signed with HS256. The access token has a short expiry; use the refresh token to obtain a new one without re-prompting the user.

POST /api/v1/auth/register

Create a new user account. On success, returns the created user object and an access_token in the response body. The refresh_token is set as an httpOnly cookie — it is not in the JSON response.

Request body

email (string, required): A valid, unique email address. Used for login and account recovery.

password (string, required): The user’s plaintext password. Stored as a bcrypt hash.

name (string, required): The user’s full display name.

phone (string): Optional contact phone number.

role (string): The user’s role. Accepted values: admin, doctor, receptionist, patient, pharmacy_manager, delivery_driver. Defaults to patient if omitted.

curl example

curl --request POST http://localhost:8000/api/v1/auth/register \
  --header "Content-Type: application/json" \
  --data '{
    "email": "ana@example.com",
    "password": "s3cur3pass",
    "name": "Ana García",
    "phone": "+52 55 1234 5678",
    "role": "patient"
  }'

POST /api/v1/auth/login

Authenticate with email and password. Returns an access_token in the response body. The refresh_token is set as an httpOnly cookie named refresh_token — it is not in the JSON response.

Request body

email (string, required): The registered email address.

password (string, required): The account password.

curl example

curl --request POST http://localhost:8000/api/v1/auth/login \
  --header "Content-Type: application/json" \
  --data '{
    "email": "ana@example.com",
    "password": "s3cur3pass"
  }'

POST /api/v1/auth/refresh

Exchange a valid refresh token for a new access_token and refresh_token pair. The server reads the refresh token from the refresh_token httpOnly cookie set during login or register. As a fallback, you may also pass it in the request body.

Request body (optional fallback)

refresh_token (string): The refresh token as a fallback if the httpOnly cookie is not available. In browser environments, the cookie is sent automatically.

curl example

curl --request POST http://localhost:8000/api/v1/auth/refresh \
  --cookie "refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

curl example (body fallback)

curl --request POST http://localhost:8000/api/v1/auth/refresh \
  --header "Content-Type: application/json" \
  --data '{"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."}'

POST /api/v1/auth/logout

Invalidate the current session. Requires a valid Bearer token. No request body is needed.

curl example

curl --request POST http://localhost:8000/api/v1/auth/logout \
  --header "Authorization: Bearer <access_token>"

GET /api/v1/auth/me

Return the full profile of the currently authenticated user, including any role-specific nested profile (e.g., doctor_profile, patient_profile).

curl example

curl http://localhost:8000/api/v1/auth/me \
  --header "Authorization: Bearer <access_token>"

Response fields

id (string, required): UUID of the user.

email (string, required): The user’s email address.

name (string, required): The user’s full name.

role (string, required): The user’s role. One of: admin, doctor, receptionist, patient, pharmacy_manager, delivery_driver.

phone (string): Optional phone number.

avatar_url (string): Optional URL to the user’s avatar image.

is_active (boolean, required): Whether the account is active.

created_at (string, required): ISO 8601 timestamp of account creation.

updated_at (string, required): ISO 8601 timestamp of last update.

doctor_profile (object): Present when role is doctor.

patient_profile (object): Present when role is patient.
