Auth API
The Auth API provides session and server information and enables the creation of reusable session cookies, unlike the stateless access offered by API key authentication.
GET /auth
Retrieve session info and server info.
Request
GET /auth
Response
200 Ok
If the user is not authenticated, the result will be similar to this:
{
"clientAdress": "192.168.5.150",
"oidcIssuer": "https://accounts.kodall.com/realms/public/", //Since 1.7.2
"name": "ONE Framework Server",
"isSecure": true,
"version": "1.7.2"
}
If the user is authenticated then the result will contain information about the session:
{
  "clientAdress": "192.168.5.150",
  "oidcIssuer": "https://accounts.kodall.com/realms/public/", //Since 1.7.2
  "name": "ONE Framework Server",
  "isSecure": true,
  "version": "1.7.2",
  "userName": "andreea",
  "userFullName": "Andreea",
  "userKey": 8,
  "expiresIn": 300,
  "userBusinessUnitKey": 1,
  "userOrganizationKey": 1
}
Possible Params
Roles - GET /auth?roles=1
Profiles - GET /auth?profiles=1
The request params can be combined as usual with &, so the complete example is GET /auth?roles=1&profiles=1.
Response
200 Ok
The roles and profiles fields are returned only when the user is authenticated; with both parameters set, the result contains:
{
  "clientAdress": "192.168.5.150",
  "oidcIssuer": "https://accounts.kodall.com/realms/public/", //Since 1.7.2
  "name": "ONE Framework Server",
  "isSecure": true,
  "version": "1.7.2",
  "roles": ["Role 1", "Role 2"],
  "profiles": [
    {
      "displayName": "Profile Test 1",
      "businessUnitKey": 4,
      "name": "a_a4aff4f16a4a410a95fa08b951bc6e68",
      "organizationKey": 256
    },
    {
      "displayName": "Profile Test 2",
      "businessUnitKey": 4,
      "name": "am_294679b5c3a9445c86a1bfba8b4656f5",
      "organizationKey": 299
    },
    {
      "displayName": "Profile Test 3",
      "businessUnitKey": 4,
      "name": "a_e54d126fcf5f4c0a9258b31a68cb75c1",
      "organizationKey": 426
    }
  ],
  "userName": "andreea",
  "userFullName": "Andreea",
  "userKey": 8,
  "expiresIn": 300,
  "userBusinessUnitKey": 1,
  "userOrganizationKey": 1
}
POST /auth
Authenticates the user and creates the session. Authentication can be done either with a user name and password or with an access token issued by the issuer advertised in the oidcIssuer field of the GET /auth response.
Request
POST /auth
Authentication with user and password as an HTML form
Header | Value |
---|---|
Content-Type | application/x-www-form-urlencoded |
Example payload:
user=root&password=pass&locale=ro
Authentication with user and password in JSON
Header | Value |
---|---|
Content-Type | application/json |
Example payload:
{
  "user": "root",
  "password": "pass",
  "locale": "ro"
}
Authentication with OpenId access token
Both tokens passed in the headers must be issued by the issuer given in the oidcIssuer field of the GET /auth response.
If the request includes a refresh token, the server will handle refreshing the access token. Otherwise, the client is responsible for managing the refresh process.
Header | Description |
---|---|
Oidc-Auth-Token | Access token (JWT) |
Oidc-Refresh-Token | Optional. Refresh token (JWT). |
The request body is ignored and should be empty.
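Before sending OpenID tokens to POST /auth, a client can check that each token's iss claim matches the oidcIssuer advertised by GET /auth, and that the access token is not already expired unless a refresh token accompanies it (in which case the server handles the refresh). The following Python is an added example and not ONE Framework code: it decodes the JWT payload without verifying the signature (verification is the server's job), so it is a pre-flight sanity check, not an authentication step. make_sample_token builds constructed tokens with a placeholder signature segment only so the checks can be run offline; the function names are my own.

```python
import base64
import json
import time
from typing import Dict, Optional


def _b64url_decode(segment: str) -> bytes:
    """Base64url without padding, as used in compact JWS segments."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> Dict[str, object]:
    """Return the payload claims of a compact JWT.

    The signature is NOT verified here: the server verifies it. The client
    only inspects iss/exp so it does not send a token the server will reject.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def same_issuer(a: str, b: str) -> bool:
    """Compare issuer URLs, tolerating only a trailing slash difference."""
    return a.rstrip("/") == b.rstrip("/")


def oidc_login_headers(server_info: Dict[str, object], access_token: str,
                       refresh_token: Optional[str] = None,
                       now: Optional[float] = None) -> Dict[str, str]:
    """Build the Oidc-Auth-Token / Oidc-Refresh-Token headers for POST /auth.

    server_info is the JSON object returned by GET /auth; its oidcIssuer field
    (present since 1.7.2) is the only issuer the server accepts.
    """
    issuer = server_info.get("oidcIssuer")
    if not issuer:
        raise ValueError("server advertises no oidcIssuer (field exists since 1.7.2)")
    claims = jwt_claims(access_token)
    if not same_issuer(str(claims.get("iss", "")), str(issuer)):
        raise ValueError(f"access token issuer {claims.get('iss')!r} != {issuer!r}")
    now = time.time() if now is None else now
    expired = "exp" in claims and float(claims["exp"]) <= now
    headers = {"Oidc-Auth-Token": access_token}
    if refresh_token is not None:
        if not same_issuer(str(jwt_claims(refresh_token).get("iss", "")), str(issuer)):
            raise ValueError("refresh token issuer does not match oidcIssuer")
        headers["Oidc-Refresh-Token"] = refresh_token  # server refreshes for us
    elif expired:
        # Without a refresh token the client must refresh on its own first.
        raise ValueError("access token expired and no refresh token supplied")
    return headers  # send with an empty body


def make_sample_token(claims: Dict[str, object]) -> str:
    """Constructed sample token with a placeholder signature segment.

    Only for exercising the checks above offline; such a token would never
    pass the server's signature verification.
    """
    def enc(obj: Dict[str, object]) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    header = {"alg": "RS256", "typ": "JWT"}
    return f"{enc(header)}.{enc(claims)}.cGxhY2Vob2xkZXI"  # "placeholder"
```

The issuer comparison deliberately normalizes nothing beyond a trailing slash: a token from a different realm or host must be rejected rather than "close enough".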
Response
200 Ok
The authentication was successful. Note that in this example only the CSRF cookie carries HttpOnly; the auth token cookie is readable by page scripts, and none of the cookies set a SameSite attribute.
Header | Value |
---|---|
Set-Cookie | one.erp.rest.auth.token=abcdef; Path=/; Secure |
Set-Cookie | one.erp.rest.csrf.token=fedcba; Path=/; Secure; HttpOnly |
Set-Cookie | one.erp.rest.locale=ro; Path=/; Secure |
{
  "clientAdress": "[0:0:0:0:0:0:0:1]",
  "oidcIssuer": "https://accounts.kodall.com/realms/public/", //Since 1.7.2
  "name": "ONE Framework Server",
  "isSecure": true,
  "version": "1.7.2",
  "userName": "andreea",
  "userFullName": "Andreea",
  "userKey": 8,
  "userBusinessUnitKey": 1,
  "userOrganizationKey": 1
}
401 Unauthorized
The request is not authorized.
HEAD /auth?logout=1
Terminates the session.
200 Ok
The session was terminated and the session cookies are cleared:
Header | Value |
---|---|
Set-Cookie | one.erp.rest.auth.token=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure |
Set-Cookie | one.erp.rest.locale=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure |
Set-Cookie | one.erp.rest.csrf.token=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure |
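The following Python is an added example and not part of the ONE Framework documentation or code. It builds the POST /auth body in either documented encoding, records the cookies a 200 response sets, applies the clearing cookies from HEAD /auth?logout=1, reports which Secure/HttpOnly/SameSite attributes the auth and CSRF cookies lack, and uses expiresIn from the session info (returned by GET /auth and POST /auth/refresh) to decide when POST /auth/refresh is due. The sample Set-Cookie headers and JSON are copied from the responses on this page; the function names, the assumption that expiresIn is in seconds, and the 30-second refresh margin are my own choices, and no network request is made.

```python
import json
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlencode

# Cookie names from the documented Set-Cookie headers of POST /auth.
AUTH_COOKIE = "one.erp.rest.auth.token"
CSRF_COOKIE = "one.erp.rest.csrf.token"


def build_login_request(user, password, locale="ro", as_json=False):
    """Return (headers, body) for POST /auth in either documented encoding."""
    payload = {"user": user, "password": password, "locale": locale}
    if as_json:
        return {"Content-Type": "application/json"}, json.dumps(payload)
    return {"Content-Type": "application/x-www-form-urlencoded"}, urlencode(payload)


def parse_set_cookie(header: str):
    """Split one Set-Cookie value into (name, value, {attribute: value or True})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value.strip(), attrs


@dataclass
class Session:
    cookies: Dict[str, str] = field(default_factory=dict)
    attrs: Dict[str, Dict[str, object]] = field(default_factory=dict)
    user_name: str = ""
    expires_in: Optional[int] = None  # expiresIn, assumed to be seconds
    obtained_at: float = 0.0


def apply_set_cookies(session: Session, headers: List[str]) -> Session:
    """Store cookies; an empty value or Max-Age=0 (as on logout) deletes them."""
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        if value == "" or attrs.get("max-age") == "0":
            session.cookies.pop(name, None)
            session.attrs.pop(name, None)
        else:
            session.cookies[name] = value
            session.attrs[name] = attrs
    return session


def session_from_login(status, set_cookie, body, now=None) -> Session:
    """Build a Session from a POST /auth or POST /auth/refresh response."""
    if status != 200:
        raise PermissionError(f"authentication failed with HTTP {status}")
    session = Session(obtained_at=time.time() if now is None else now)
    apply_set_cookies(session, set_cookie)
    info = json.loads(body)
    session.user_name = info.get("userName", "")
    session.expires_in = info.get("expiresIn")
    return session


def cookie_header(session: Session) -> str:
    """Cookie header for later requests; empty once the session is logged out."""
    return "; ".join(f"{k}={v}" for k, v in session.cookies.items())


def missing_cookie_flags(session: Session) -> Dict[str, List[str]]:
    """Which of Secure/HttpOnly/SameSite each auth or CSRF cookie lacks."""
    wanted = ("secure", "httponly", "samesite")
    return {name: [f for f in wanted if f not in attrs]
            for name, attrs in session.attrs.items()
            if name in (AUTH_COOKIE, CSRF_COOKIE)}


def needs_refresh(session: Session, now: float, margin: float = 30.0) -> bool:
    """True once fewer than `margin` seconds of expiresIn remain."""
    if session.expires_in is None:
        return False
    return now >= session.obtained_at + session.expires_in - margin


# Constructed samples, copied from the documented responses on this page.
LOGIN_SET_COOKIE = [
    "one.erp.rest.auth.token=abcdef; Path=/; Secure",
    "one.erp.rest.csrf.token=fedcba; Path=/; Secure; HttpOnly",
    "one.erp.rest.locale=ro; Path=/; Secure",
]
# Session info as returned by GET /auth and POST /auth/refresh (has expiresIn).
SESSION_BODY = ('{"name": "ONE Framework Server", "isSecure": true, "version": "1.7.2", '
                '"userName": "andreea", "userKey": 8, "expiresIn": 300}')
LOGOUT_SET_COOKIE = [
    "one.erp.rest.auth.token=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure",
    "one.erp.rest.locale=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure",
    "one.erp.rest.csrf.token=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure",
]
```

Run against the documented headers, missing_cookie_flags reports that the auth token cookie lacks HttpOnly and SameSite and the CSRF cookie lacks SameSite, which is the check worth automating when the deployment's cookie settings change.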
POST /auth/password
Changes the password of the authenticated user.
Request
POST /auth/password
Header | Value |
---|---|
Content-Type | application/x-www-form-urlencoded |
Example payload:
current-password=1234&set-password=4321&confirm-password=4321
Response
200 Ok
The password was changed.
401 Unauthorized
The operation is not authorized.
POST /auth/refresh
Refreshes the authentication token.
Request
POST /auth/refresh
Response
200 Ok
A successful refresh returns the same session info as GET /auth, for example:
{
  "clientAdress": "192.168.5.150",
  "oidcIssuer": "https://accounts.kodall.com/realms/public/", //Since 1.7.2
  "name": "ONE Framework Server",
  "isSecure": true,
  "version": "1.7.2",
  "userName": "andreea",
  "userFullName": "Andreea",
  "userKey": 8,
  "expiresIn": 300,
  "userBusinessUnitKey": 1,
  "userOrganizationKey": 1
}
401 Unauthorized
Unauthorized
GET /auth/profiles
Retrieves the user profiles list.
Request
GET /auth/profiles
Response
200 Ok
[
{
"displayName": "Profile Test 1",
"businessUnitKey": 4,
"name": "a_a4aff4f16a4a410a95fa08b951bc6e68",
"organizationKey": 256
},
{
"displayName": "Profile Test 2",
"businessUnitKey": 4,
"name": "am_294679b5c3a9445c86a1bfba8b4656f5",
"organizationKey": 299
},
{
"displayName": "Profile Test 3",
"businessUnitKey": 4,
"name": "a_e54d126fcf5f4c0a9258b31a68cb75c1",
"organizationKey": 426
}
]
401 Unauthorized
Unauthorized
POST /auth/profile/{name}
Switches the session to the profile identified by {name}.
Request
POST /auth/profile/{name}
Response
200 Ok
{
"idUser": 1,
"idBusinessUnit": 1,
"idOrganization": 1,
"name": "andreea"
}
401 Unauthorized
Unauthorized
404 Not found
Profile Not found
POST /auth/profile
Switches the session back to the default profile.
Request
POST /auth/profile
Response
200 Ok
{
"idUser": 1,
"idBusinessUnit": 1,
"idOrganization": 1,
"name": "andreea"
}
401 Unauthorized
Unauthorized
GET /auth/roles
Retrieves the user roles list.
Request
GET /auth/roles
Response
200 Ok
["Role 1", "Role 2"]
401 Unauthorized
Unauthorized