SSO OpenID

SSO OpenID Login

POST /api/v1/openid/login/
Perform a Single Sign On login against the Customer's OpenID service.
This API is the second step of the OpenID Connect flow. It assumes that the API client (usually a web portal) has already completed the first step: it sent the user to the Customer's OpenID server to authenticate, received an authorization code on its redirect URI, and now hands that authorization code to APIO so that APIO can exchange it for the user's tokens. The nonce and redirect_uri sent here must be the ones used in the first step: APIO checks the nonce against the claim carried in the ID token it receives, and, as in any authorization code flow, the OpenID server refuses the exchange if the redirect URI differs from the one the code was issued for.
Note that this API always needs a project-specific integration to interpret the information present in the tokens received, as there is no standard for the claims that identify an APIO user.
Note also that this type of login may be available for some types of users and not for others, who will need to use the other login APIs.

Example request:

POST /api/v1/openid/login/ HTTP/1.1
Host: example.com
Content-Type: "application/json"

{
   "nonce": "3f1dbf38-63d1-4a68-805c-fa55dea17a84",
   "authorization_code": "bW9jay5hdXRoLmNvZGUuYXBpby50ZXN0",
   "redirect_uri": "http://localhost:1234/openid/callback/"
}
Request JSON Object:
  • nonce (string) – the nonce generated by the frontend and sent in STEP 1 to the Customer's OpenID service.

  • authorization_code (string) – the code returned by the Customer's OpenID service in response to STEP 1.

  • redirect_uri (string) – the redirect URI on which the response of STEP 1 was received.

Example response:

HTTP/1.1 200 OK
Content-Type: "application/json"
Set-Cookie: sessionid=0123456780

{
   "ids": {
      "tenant_id": "Pie",
      "group_id": "PieGroup"
   },
   "profile": {
      "user_level": 8,
      "broadsoft_type": "Group",
      "username": "admin_PieGroup@sip.netaxis.be",
      "is_first_login": false,
      "first_name": "",
      "last_name": "",
      "language": "English",
      "access_type": 0,
      "read_only": false,
      "user_type": "no_userType",
      "is_expired": false
   }
}
Response JSON Object:
  • ids (object) – The ids of the connected user (a group admin in the example above), as defined in Ids attributes, to be used by the client to build further API URLs. Only the ids relevant for the type of user connected are returned.

  • profile (object) – Some properties of the profile, as defined in Login profile attributes. The optional properties are only present if relevant and if the ‘provide_basic_profile’ flag is set in the request.

Status Codes:
  • 200 OK – no error, successfully logged in

  • 401 Unauthorized

    authentication failure

    • SSO_REFUSED: (see SSO_REFUSED as defined in Error codes for details) Received in case the OpenID server has refused the connection.

    • SSO_INVALID_GROUPID_AND_USERNAME: (see SSO_INVALID_GROUPID_AND_USERNAME as defined in Error codes for details) Received in case of failed authentication with the data returned by the server.

    • SSO_INVALID_USERNAME: (see SSO_INVALID_USERNAME as defined in Error codes for details) Received in case of an invalid username returned by the OpenID server.

    • SSO_MULTI_GROUPS: (see SSO_MULTI_GROUPS as defined in Error codes for details) Received in case more than one GroupId is returned by the server.

    • SSO_INVALID: (see SSO_INVALID as defined in Error codes for details) Received in case the ID token is missing from the OpenID server's response or its nonce does not match the one sent in the request.

    • SSO_UNREACHABLE: (see SSO_UNREACHABLE as defined in Error codes for details) Received in case the OpenID server is unreachable.
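The two-step exchange described above, with the nonce check behind SSO_INVALID, as an added example that is not APIO's own code: the portal side generates the nonce and state for STEP 1, parses the callback and builds the body for POST /api/v1/openid/login/, and the APIO side verifies the ID token obtained from the code exchange against that nonce. The authorize endpoint, client_id, the HS256 shared-secret signing key and the ID token itself are assumptions constructed inline so the example runs offline; a real provider normally signs ID tokens with RS256/ES256 and the code exchange is a network call to its token endpoint, which is not shown.

```python
"""Added example (not APIO's or the Customer's OpenID service's code).

STEP 1 and the callback handling run in the web portal; verify_id_token is
what APIO must do after exchanging the authorization_code for tokens.
All endpoints, ids and keys below are assumed values for illustration.
"""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values for the Customer's OpenID service and the portal.
AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize"
CLIENT_ID = "apio-portal"
REDIRECT_URI = "http://localhost:1234/openid/callback/"


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def start_login():
    """STEP 1: the frontend mints nonce and state and sends the user to the IdP."""
    nonce = secrets.token_urlsafe(24)  # bound into the ID token, checked by APIO later
    state = secrets.token_urlsafe(24)  # CSRF guard on the callback, checked by the portal
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
    }
    return nonce, state, f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def build_login_request(callback_url: str, expected_state: str, nonce: str) -> dict:
    """STEP 2 (portal side): parse the IdP callback and build the APIO login body."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"IdP refused the login: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or mixed-up callback")
    return {
        "nonce": nonce,
        "authorization_code": query["code"][0],
        # Must be the exact STEP 1 value, otherwise the IdP refuses the code exchange.
        "redirect_uri": REDIRECT_URI,
    }


def make_id_token(claims: dict, key: bytes) -> str:
    """Constructed stand-in for the ID token the IdP returns from its token endpoint."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_id_token(id_token: str, key: bytes, expected_nonce: str) -> dict:
    """APIO side: accept the token only if the signature holds and the nonce matches.

    A missing or unparseable token and a nonce mismatch both map to SSO_INVALID.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("SSO_INVALID: ID token missing or malformed")
    header, payload, sig = parts
    expected_sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig)):
        raise ValueError("SSO_INVALID: ID token signature does not verify")
    claims = json.loads(b64url_decode(payload))
    if not hmac.compare_digest(str(claims.get("nonce", "")), expected_nonce):
        raise ValueError("SSO_INVALID: nonce mismatch (replayed or foreign ID token)")
    return claims


def run_flow(key: bytes = b"assumed-shared-client-secret") -> dict:
    """Drive the whole exchange with a constructed callback and ID token."""
    nonce, state, auth_url = start_login()
    # Constructed callback, as the IdP would redirect the browser after STEP 1.
    callback = f"{REDIRECT_URI}?{urlencode({'code': 'bW9jay5hdXRoLmNvZGUuYXBpby50ZXN0', 'state': state})}"
    body = build_login_request(callback, state, nonce)
    # APIO exchanges body["authorization_code"] at the IdP (network, not shown) and
    # gets back an ID token; here it is constructed carrying the STEP 1 nonce.
    id_token = make_id_token(
        {"iss": "https://idp.example.com", "aud": CLIENT_ID,
         "sub": "admin_PieGroup@sip.netaxis.be", "nonce": body["nonce"]},
        key,
    )
    claims = verify_id_token(id_token, key, body["nonce"])
    return {"auth_url": auth_url, "login_body": body, "claims": claims}
```

The two checks are deliberately separate: state is verified by the portal and never leaves it, while the nonce travels to APIO in the login body so that APIO, not the portal, decides whether the ID token it fetched belongs to this login attempt. An attacker who captures someone else's ID token cannot simply edit its nonce claim, because the signature check fails first.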

SSO OpenID Logout

POST /api/v1/openid/logout/
Perform a Single Sign On logout against the Customer's OpenID service. The request body is empty; the APIO session to end is identified by the session cookie returned by the login.

Example request:

POST /api/v1/openid/logout/ HTTP/1.1
Host: example.com
Content-Type: "application/json"

{}

Example response:

HTTP/1.1 200 OK
Content-Type: "application/json"

{}
Status Codes:
  • 200 OK – no error, successfully logged out

  • 401 Unauthorized

    authentication failure

    • SSO_REFUSED: (see SSO_REFUSED as defined in Error codes for details) Received in case the OpenID server has refused the connection.

    • SSO_UNREACHABLE: (see SSO_UNREACHABLE as defined in Error codes for details) Received in case the OpenID server is unreachable.