Auth API

The Auth API provides session and server information and enables the creation of reusable session cookies, unlike the stateless access offered by API key authentication.

GET /auth

Retrieve session info and server info.

Request

GET /auth

Response

200 OK

If the user is not authenticated, the result will be similar to this:

{
    "clientAdress": "192.168.5.150",
    "oidcIssuer": "https://accounts.kodall.com/realms/public/",
    "name": "ONE Framework Server",
    "isSecure": true,
    "version": "1.7.2"
}

The oidcIssuer field is present since version 1.7.2.

If the user is authenticated, the result also contains information about the session:

{
    "clientAdress": "[0:0:0:0:0:0:0:1]",
    "oidcIssuer": "https://accounts.kodall.com/realms/public/",
    "name": "ONE Framework Server",
    "isSecure": true,
    "version": "1.7.2",
    "userName": "andreea",
    "userFullName": "Andreea",
    "userKey": 8,
    "userBusinessUnitKey": 1,
    "userOrganizationKey": 1
}

POST /auth

Authenticates the user and creates the session. Authentication can be done via user name and password or via an access token issued by the issuer provided in the ‘oidcIssuer’ field.

Request

POST /auth

Authentication with user and password in HTML form

Header        Value
Content-Type  application/x-www-form-urlencoded

Example payload:

user=root&password=pass&locale=ro

Authentication with user and password in JSON

Header        Value
Content-Type  application/json

Example payload:

{
    "user": "root",
    "password": "pass",
    "locale": "ro"
}

Authentication with OpenID access token

Both tokens passed in the headers must be issued by the issuer given in the oidcIssuer field of the GET /auth response.

If the request includes a refresh token, the server refreshes the access token itself. Otherwise, the client is responsible for refreshing it.

Header              Description
Oidc-Auth-Token     Access token (JWT)
Oidc-Refresh-Token  Optional. Refresh token (JWT).

The payload is ignored and should be empty.

Response

200 OK

The authentication was successful. The session cookies are returned in Set-Cookie headers and the body carries the session info:

Header      Value
Set-Cookie  one.erp.rest.auth.token=abcdef; Path=/; Secure
Set-Cookie  one.erp.rest.csrf.token=fedcba; Path=/; Secure; HttpOnly
Set-Cookie  one.erp.rest.locale=ro; Path=/; Secure

{
    "clientAdress": "[0:0:0:0:0:0:0:1]",
    "oidcIssuer": "https://accounts.kodall.com/realms/public/",
    "name": "ONE Framework Server",
    "isSecure": true,
    "version": "1.7.2",
    "userName": "andreea",
    "userFullName": "Andreea",
    "userKey": 8,
    "userBusinessUnitKey": 1,
    "userOrganizationKey": 1
}

401 Unauthorized

The request is not authorized.

HEAD /auth?logout=1

Terminates the session.

Response

200 OK

The session was terminated and the session cookies are expired:

Header      Value
Set-Cookie  one.erp.rest.auth.token=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure
Set-Cookie  one.erp.rest.locale=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure
Set-Cookie  one.erp.rest.csrf.token=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure

POST /auth/password

Changes the password of the authenticated user.

Request

POST /auth/password

Header        Value
Content-Type  application/x-www-form-urlencoded

Example payload:

current-password=1234&set-password=4321&confirm-password=4321

Response

200 OK

The password was changed.

401 Unauthorized

The operation is not authorized.
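Putting the endpoints above together, here is an added example (not the project's own client code) of the client-side handling a practitioner needs for this API: building the three POST /auth variants, storing the cookies from the Set-Cookie headers of a successful login, dropping them again when HEAD /auth?logout=1 expires them with Max-Age=0, and preparing the POST /auth/password form. It assumes the endpoint paths, header names and cookie names exactly as documented on this page; the sample responses are constructed from the page's examples, and the code does no network I/O so it runs offline.

```python
"""Client-side helpers for the Auth API documented above.

Added example, not the product's own client. Endpoints, header and cookie
names are taken from the documentation; the sample responses are constructed.
Requests are built as (method, path, headers, body) tuples and responses are
parsed from their status, headers and body, so any HTTP library can be used.
"""
import json
from urllib.parse import urlencode

AUTH_COOKIE = "one.erp.rest.auth.token"


def parse_auth_info(body):
    """Parse a GET /auth or POST /auth body; only a session carries user* fields."""
    info = json.loads(body)
    info["authenticated"] = "userName" in info
    return info


def build_login_request(user=None, password=None, locale=None,
                        access_token=None, refresh_token=None, as_json=False):
    """Build one of the three documented POST /auth variants."""
    headers, body = {}, ""
    if access_token is not None:
        # OpenID variant: tokens go in headers and the payload stays empty.
        headers["Oidc-Auth-Token"] = access_token
        if refresh_token is not None:
            headers["Oidc-Refresh-Token"] = refresh_token
    elif user is not None and password is not None:
        fields = {"user": user, "password": password}
        if locale:
            fields["locale"] = locale
        if as_json:
            headers["Content-Type"] = "application/json"
            body = json.dumps(fields)
        else:
            headers["Content-Type"] = "application/x-www-form-urlencoded"
            body = urlencode(fields)
    else:
        raise ValueError("need user and password, or an access token")
    return ("POST", "/auth", headers, body)


def apply_set_cookie(jar, set_cookie_headers):
    """Update a cookie jar from Set-Cookie values; Max-Age=0 removes the cookie."""
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name, _, value = parts[0].partition("=")
        attrs = {}
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip()
        if attrs.get("max-age") == "0":
            jar.pop(name, None)  # expired by the server, e.g. after logout
        else:
            jar[name] = value
    return jar


def login(jar, status, headers, body):
    """Handle a POST /auth response: 401 -> None; 200 -> cookies stored, info returned."""
    if status == 401:
        return None
    if status != 200:
        raise RuntimeError(f"unexpected status {status}")
    apply_set_cookie(jar, headers.get("Set-Cookie", []))
    info = parse_auth_info(body)
    if not info["authenticated"] or AUTH_COOKIE not in jar:
        raise RuntimeError("200 without a session cookie or user fields")
    return info


def cookie_header(jar):
    """Serialise the jar for the Cookie header of follow-up requests."""
    return "; ".join(f"{k}={v}" for k, v in sorted(jar.items()))


def build_logout_request(jar):
    return ("HEAD", "/auth?logout=1", {"Cookie": cookie_header(jar)}, "")


def build_password_change_request(jar, current, new, confirm):
    """POST /auth/password; reject a mismatched confirmation before sending it."""
    if new != confirm:
        raise ValueError("set-password and confirm-password differ")
    headers = {"Cookie": cookie_header(jar),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"current-password": current, "set-password": new,
                      "confirm-password": confirm})
    return ("POST", "/auth/password", headers, body)


# Constructed sample responses, modelled on the page's examples.
SAMPLE_LOGIN_HEADERS = {"Set-Cookie": [
    "one.erp.rest.auth.token=abcdef; Path=/; Secure",
    "one.erp.rest.csrf.token=fedcba; Path=/; Secure; HttpOnly",
    "one.erp.rest.locale=ro; Path=/; Secure"]}
SAMPLE_LOGIN_BODY = json.dumps({
    "clientAdress": "[0:0:0:0:0:0:0:1]", "name": "ONE Framework Server",
    "oidcIssuer": "https://accounts.kodall.com/realms/public/",
    "isSecure": True, "version": "1.7.2", "userName": "andreea",
    "userFullName": "Andreea", "userKey": 8, "userBusinessUnitKey": 1,
    "userOrganizationKey": 1})
SAMPLE_LOGOUT_HEADERS = {"Set-Cookie": [
    f"{c}=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure"
    for c in ("one.erp.rest.auth.token", "one.erp.rest.locale",
              "one.erp.rest.csrf.token")]}
```

Two design points worth keeping in a real client: a response counts as a login only when it is 200, carries the user fields and actually set the auth cookie, so a stray 200 without a session is never treated as one; and the jar is updated from the Max-Age=0 deletions the logout response sends rather than cleared blindly, so the client's view of its cookies stays in step with what the server expired.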