Create Session Login Token
Use this API to generate a session login token in scenarios in which MFA may or may not be required. Both scenarios are supported. A session login token expires two minutes after creation.
When MFA is required, this API works in close conjunction with the Verify Factor API call.
For detailed usage flows and examples that illustrate how to use this API to log a user in, see Logging a User in Via API.
Delegated Authentication
You can also use this API to delegate authentication of a user to OneLogin without starting a OneLogin session. In delegated authentication, you treat the token returned in the 200 OK - Success message as a confirmation that the user has been authenticated, but you do not use the session token itself. Note that a 200 OK is also returned when MFA is still required (the body then carries a state_token and no session_token, as in the sample responses below), so check for the session_token rather than the HTTP status code alone before treating the response as confirmation.
Likewise, you can use the 401 - Unauthorized status code to indicate that a user could not be authenticated.
You can perform delegated authentication with or without MFA. When MFA is required, the Create Session Login Token API works in close conjunction with the Verify Factor API call. When you want to simply authenticate a user in OneLogin and MFA is required, you can treat the token returned by the Verify Factor API in the 200 OK - Success message as a confirmation that the user has been authenticated.
Resource URL
https://<api-domain>/api/1/login/auth
Header Parameters
Authorization required string | Set to bearer:<access_token>. The access token must have been generated using an API credential pair created with the scope required to call this API. This API can be called using the Manage Users or Manage All scope only. |
Content-Type required string | Set to application/json. |
Custom-Allowed-Origin-Header-1 string | Required for CORS requests only. Set to the Origin URI from which you are allowed to send a request using CORS. Port is optional. Do not include path information. Add as many comma-delimited URIs as you like, limited only by header length. You can use additional headers if needed; you can use as many headers as you want. For more information, see Logging a User in Via API and Create Session Via API Token. |
Request Parameters
username_or_email required string | Set to the username or email of the user that you want to log in. |
password required string | Set to the password of the user that you want to log in. |
subdomain required string | Set to the subdomain of the user that you want to log in, that is, the subdomain part of your OneLogin URL. Custom Domains: when a custom domain is in use you still need to provide your original OneLogin subdomain in this field. Do not use the custom domain here. |
fields string | Optional. A comma-separated list of user fields to return. If this attribute is omitted, then by default the user's id, firstname, lastname, email, and username are returned. Otherwise only the list of fields supplied is returned. For a full list of possible user fields see the user resource. To return custom attributes, prefix the field with custom_attributes. |
Request Body
{ "username_or_email":"<username_or_email>", "password":"<password>", "subdomain":"<subdomain>" }
Sample Response
- 200 OK
- 400 Bad Request
- 401 Unauthorized
This is what a 200 OK response looks like when MFA is not required.
{
  "status": {
    "type": "success",
    "message": "Success",
    "code": 200,
    "error": false
  },
  "data": [
    {
      "status": "Authenticated",
      "user": {
        "username": "kinua",
        "email": "kinua.wong@company.com",
        "firstname": "Kinua",
        "id": 88888888,
        "lastname": "Wong"
      },
      "return_to_url": null,
      "expires_at": "2016/01/07 05:56:21 +0000",
      "session_token": "9x8869x31134x7906x6x54474x21x18xxx90857x"
    }
  ]
}
This is what a 200 OK response looks like when MFA is required.
{
  "status": {
    "type": "success",
    "code": 200,
    "message": "MFA is required for this user",
    "error": false
  },
  "data": [
    {
      "user": {
        "email": "jennifer.hasenfus@onelogin.com",
        "username": "jhasenfus",
        "firstname": "Jennifer",
        "lastname": "Hasenfus",
        "id": 88888888
      },
      "state_token": "xf4330878444597bd3933d4247cc1xxxxxxxxxxx",
      "callback_url": "https://api.us.onelogin.com/api/1/login/verify_factor",
      "devices": [
        { "device_type": "OneLogin OTP SMS", "device_id": 111111 },
        { "device_type": "Google Authenticator", "device_id": 444444 }
      ]
    }
  ]
}
{ "status": { "type": "bad request", "code": 400, "message": "MFA is required but the user has not set up any factors", "error": true }, "error_method": true }
{ "status": { "code": 400, "error": true, "message": "Input JSON is not valid", "type": "bad request" } }
{ "status": { "type": "bad request", "code": 400, "message": "user is unlicensed", "error": true } }
Typically, the following error means that your username_or_email and/or subdomain values are invalid.
{ "status": { "error": true, "code": 400, "type": "bad request", "message": "bad request" } }
This error means that your password has expired.
{ "status": { "type": "Unauthorized", "message": "Password expired", "error": true, "code": 401 } }
Typically, the following error means that your password is incorrect.
{ "status": { "code": 401, "error": true, "message": "Authentication Failed: Invalid user credentials", "type": "Unauthorized" } }
User account is locked, usually due to many failed login attempts.
{ "status": { "type": "Unauthorized", "code": 401, "message": "User is locked. Access is unauthorized", "error": true } }
Typically, the following error means that your access token values are incorrect, but it could also indicate that the user is suspended or not activated.
{ "status": { "code": 401, "error": true, "message": "Authentication Failed", "type": "Unauthorized" } }
Typically, the following error means that the access token used to make the call was generated using API credentials that have insufficient permissions. This API can be called using the Manage Users or Manage All scope only.
{ "status": { "error": true, "code": 401, "type": "Unauthorized", "message": "Insufficient Permission" } }
Response Elements
expires_at | Date and time at which the session token will expire. Tokens expire two minutes after creation. Returned only when MFA is not required. |
return_to_url | Returns the Returned only when MFA is not required. |
session_token | Provides the session token that can be used to log the user in. In cases in which you are using this API to only delegate authentication, you can treat this token as a confirmation that the user has been authenticated. Returned only when MFA is not required. |
status | Returned only when MFA is not required. |
user | Provides information about the user that will be logged in via the session token. |
state_token | Provides the Returned only when MFA is required. |
callback_url | Provides the Verify Factor API endpoint to which the Returned only when MFA is required. |
devices | Provides device values that must be submitted with the Verify Factor API call. When the device type is Duo Security, two additional elements are returned: Returned only when MFA is required. |
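The following Python client is an added example, not code from this page or from OneLogin's SDKs. It builds the request with the headers listed under Header Parameters, then classifies a response into the three outcomes shown in the sample responses (authenticated, MFA required, failed) and applies the delegated-authentication rule from the section above. The API domain, the credentials passed in, and the embedded sample responses (abridged copies of the samples on this page) are assumptions for illustration; only `login` talks to the network, the other functions run offline.

```python
import json
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Optional

# Assumed for illustration: the US-region API domain. Substitute your own <api-domain>.
API_DOMAIN = "api.us.onelogin.com"
AUTH_URL = f"https://{API_DOMAIN}/api/1/login/auth"

# Constructed samples, abridged from the sample responses on this page.
SAMPLE_AUTHENTICATED = ('{"status":{"type":"success","message":"Success","code":200,"error":false},'
    '"data":[{"status":"Authenticated","user":{"username":"kinua","id":88888888},'
    '"return_to_url":null,"expires_at":"2016/01/07 05:56:21 +0000",'
    '"session_token":"9x8869x31134x7906x6x54474x21x18xxx90857x"}]}')
SAMPLE_MFA_REQUIRED = ('{"status":{"type":"success","code":200,"message":"MFA is required for this user","error":false},'
    '"data":[{"user":{"username":"jhasenfus","id":88888888},'
    '"state_token":"xf4330878444597bd3933d4247cc1xxxxxxxxxxx",'
    '"callback_url":"https://api.us.onelogin.com/api/1/login/verify_factor",'
    '"devices":[{"device_type":"OneLogin OTP SMS","device_id":111111},'
    '{"device_type":"Google Authenticator","device_id":444444}]}]}')
SAMPLE_LOCKED = ('{"status":{"type":"Unauthorized","code":401,'
    '"message":"User is locked. Access is unauthorized","error":true}}')


@dataclass
class LoginResult:
    outcome: str                 # "authenticated", "mfa_required" or "failed"
    http_code: int
    message: str                 # status.message from the response body
    session_token: Optional[str] = None
    state_token: Optional[str] = None
    callback_url: Optional[str] = None
    devices: list = field(default_factory=list)
    user: dict = field(default_factory=dict)


def build_auth_payload(access_token, username_or_email, password, subdomain, cors_origin=None):
    """Return (headers, body) for POST /api/1/login/auth.

    The Authorization value uses the 'bearer:' prefix from the cURL sample on this
    page; the CORS header is added only when an origin is supplied.
    """
    headers = {"Authorization": f"bearer:{access_token}", "Content-Type": "application/json"}
    if cors_origin:
        headers["Custom-Allowed-Origin-Header-1"] = cors_origin
    body = json.dumps({
        "username_or_email": username_or_email,
        "password": password,    # never log this body: it carries the user's password
        "subdomain": subdomain,  # the original OneLogin subdomain, never a custom domain
    }).encode("utf-8")
    return headers, body


def classify_response(http_code, body_text):
    """Map a /login/auth response to one of three outcomes.

    'authenticated' and 'MFA required' are both HTTP 200, so the status code alone
    proves nothing: success needs data[0].status == "Authenticated" plus a
    session_token. Anything else (400, 401, unexpected shape) is 'failed'.
    """
    body = json.loads(body_text)
    status = body.get("status", {})
    message = status.get("message", "")
    entry = (body.get("data") or [{}])[0]

    if http_code == 200 and not status.get("error"):
        if entry.get("status") == "Authenticated" and entry.get("session_token"):
            return LoginResult("authenticated", http_code, message,
                               session_token=entry["session_token"], user=entry.get("user", {}))
        if entry.get("state_token"):
            # Second factor outstanding: state_token, callback_url and devices feed Verify Factor.
            return LoginResult("mfa_required", http_code, message,
                               state_token=entry["state_token"], callback_url=entry.get("callback_url"),
                               devices=entry.get("devices", []), user=entry.get("user", {}))
    return LoginResult("failed", http_code, message)


def delegated_auth_ok(result):
    """Delegated authentication: only an 'authenticated' result confirms the user.
    'mfa_required' is not proof of identity until Verify Factor succeeds, and the
    session_token itself is never used in this mode (it expires in two minutes anyway)."""
    return result.outcome == "authenticated"


def login(access_token, username_or_email, password, subdomain, cors_origin=None):
    """Perform the live call (needs network access and a real access token)."""
    headers, body = build_auth_payload(access_token, username_or_email, password, subdomain, cors_origin)
    req = urllib.request.Request(AUTH_URL, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        # 400/401 bodies still carry the JSON status block shown in the samples
        return classify_response(err.code, err.read().decode("utf-8"))


if __name__ == "__main__":
    for code, sample in ((200, SAMPLE_AUTHENTICATED), (200, SAMPLE_MFA_REQUIRED), (401, SAMPLE_LOCKED)):
        r = classify_response(code, sample)
        print(r.outcome, "delegated_auth_ok=%s" % delegated_auth_ok(r), r.message)
```

Running the module prints the classification of the three embedded samples; in a real integration, an `mfa_required` result is followed by a Verify Factor call using `state_token`, `callback_url` and one of the `devices` entries.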
Postman Collection
Be sure to set Postman-specific environment variables indicated by {{ }}.
Download for the Users API
Sample Code
cURL
Replace sample values indicated by < > with your actual values.
curl 'https://<api-domain>/api/1/login/auth' \
  -X POST \
  -H "Authorization: bearer: <access_token>" \
  -H "Content-Type: application/json" \
  -d '{ "username_or_email": "<username_or_email>", "password": "<password>", "subdomain": "<subdomain>" }'
If you are using a CORS request to post the session token, add:
  -H "Custom-Allowed-Origin-Header-1: <https://www.foo.com>" \
where https://www.foo.com is the exact URL of the site from which the CORS request will be posted.
Python
See Work with OAuth 2.0 Tokens, Users, and Roles.
Usage Flows and Code Samples
See Logging a User In Via API.
Have a Question?
Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.
Have a product idea or request? Share it with us in our Ideas Portal.
Source: https://developers.onelogin.com/api-docs/1/login-page/create-session-login-token