# authentication

OAuth2 authentication.

# POST /auth/logout

# Parameters

  • No parameters...

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/logout 

# POST /auth/login

OAuth 2 authentication via HTTP basic authentication; see Section 4.4 of RFC 6749 for details.

# Parameters

  • grant_type (string): OAuth 2 grant type, must be set to "client_credentials" for this endpoint.

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/login 

# Response 200

  • access_token (string): Access token, should be handled as an opaque value as the format may change in the future.
  • token_type (string): OAuth2 token type, always "bearer".
  • expires_in (number): Duration in seconds.
  • roles (array): All roles of the user the token is associated with.
  • userId (integer): Internal id of the user this token is associated with.
  • passwordWasNeverChanged (boolean): Set if the user never changed their password.

# Example response

{
  "access_token": "string",
  "token_type": "string",
  "expires_in": 0,
  "roles": [
    "string"
  ],
  "userId": 0,
  "passwordWasNeverChanged": true
}
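A client-side sketch of this login flow, added here as an example and not taken from the croit code base: it builds the basic-auth request without sending it, then validates a response before trusting it. Sending `grant_type` form-encoded in the body, the helper names, and the sample values are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

def build_login_request(api_base, username, password):
    """Build (but do not send) POST /auth/login with HTTP basic auth."""
    if ":" in username:
        raise ValueError("basic auth cannot carry a ':' in the user name")
    basic = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    # Assumption: grant_type travels form-encoded in the body, as RFC 6749 describes.
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    return urllib.request.Request(
        api_base.rstrip("/") + "/auth/login", data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now):
    """Validate a login response and return the fields a client needs."""
    doc = json.loads(raw)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    ttl = doc.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, (int, float)) or ttl <= 0:
        raise ValueError("expires_in must be a positive number of seconds")
    return {
        "auth_header": "Bearer " + token,  # token is opaque: never parse it
        "expires_at": now + ttl,
        "roles": list(doc.get("roles", [])),
        "must_change_password": bool(doc.get("passwordWasNeverChanged", False)),
    }

def needs_refresh(session, now, skew=30):
    """True once the token is within `skew` seconds of expiry."""
    return now >= session["expires_at"] - skew

# Constructed sample response; values are illustrative only.
SAMPLE = json.dumps({"access_token": "opaque-example-token", "token_type": "bearer",
                     "expires_in": 3600, "roles": ["ADMIN"], "userId": 1,
                     "passwordWasNeverChanged": True})

if __name__ == "__main__":
    req = build_login_request("http://mgmt-node:8080/api", "admin", "example-password")
    session = parse_token_response(SAMPLE, now=1000)
    print(req.get_method(), req.full_url)
    print(session["roles"], "must change password:", session["must_change_password"])
```

A caller can use `must_change_password` to force a password change before issuing further requests, and `needs_refresh` to log in again before the token lapses.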

# POST /auth/login-form

OAuth 2 authentication with all parameters sent as a URL-encoded form; see Section 4.3 of RFC 6749 for details.

# Parameters

  • grant_type (string): OAuth 2 grant type, must be set to "password" for this endpoint.
  • username (string): User name of the croit or LDAP user.
  • password (string): Plaintext password.

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/login-form 

# Response 200

  • access_token (string): Access token, should be handled as an opaque value as the format may change in the future.
  • token_type (string): OAuth2 token type, always "bearer".
  • expires_in (number): Duration in seconds.
  • roles (array): All roles of the user the token is associated with.
  • userId (integer): Internal id of the user this token is associated with.
  • passwordWasNeverChanged (boolean): Set if the user never changed their password.

# Example response

{
  "access_token": "string",
  "token_type": "string",
  "expires_in": 0,
  "roles": [
    "string"
  ],
  "userId": 0,
  "passwordWasNeverChanged": true
}

# GET /auth/token-info

# Parameters

  • No parameters...

# Endpoint

curl -X GET http://mgmt-node:8080/api/auth/token-info 

# Response 200

  • username (string)
  • roles (array)
  • expiry (integer)

# Example response

{
  "username": "string",
  "roles": [
    "string"
  ],
  "expiry": 0
}

# GET /auth/okta/signInConfig

# Parameters

  • No parameters...

# Endpoint

curl -X GET http://mgmt-node:8080/api/auth/okta/signInConfig 

# Response 200

  • baseUrl (string)
  • clientId (string)
  • issuer (string)
  • audience (string)
  • mapRoles (object)

# Example response

{
  "baseUrl": "string",
  "clientId": "string",
  "issuer": "string",
  "audience": "string",
  "mapRoles": {}
}

# POST /auth/okta/login

# Parameters

  • body (object)
    • idToken (string)

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/okta/login 

# Example body

{
  "idToken": "string"
}

# Response 200

  • access_token (string): Access token, should be handled as an opaque value as the format may change in the future.
  • token_type (string): OAuth2 token type, always "bearer".
  • expires_in (number): Duration in seconds.
  • roles (array): All roles of the user the token is associated with.
  • userId (integer): Internal id of the user this token is associated with.
  • passwordWasNeverChanged (boolean): Set if the user never changed their password.

# Example response

{
  "access_token": "string",
  "token_type": "string",
  "expires_in": 0,
  "roles": [
    "string"
  ],
  "userId": 0,
  "passwordWasNeverChanged": true
}