Module: authentication

API address: /api/auth

Module	Services	Data types	Constants
authentication	AuthenticationService createTeamToken login loginWithIdp loginWithIdpAndTeam loginWithIdpAndTeamSelect loginWithSSO loginWithTeamSelect loginWithToken logout	AuthTokenMetaResult IdpAuth LoginOptions LoginResult LoginTeamInfo PasswordAuth SSOProvider SSORequest TeamInfo TeamSelectResult ValidAuthTypes WebSSOAuth

Enumerations

Enumeration: SSOProvider

`OKTA`	`1`

Data structures

Struct: TeamInfo

Key	Field	Type	Description	Requiredness
1	boolSettings	`map<string, bool>`	This includes User + Device Overriden Settings	default
2	textSettings	`map<string, string>`		default
3	optionSettings	`map<string, string>`		default
4	referenceListSettings	`map<string, list<setting.Reference>>`		default
5	stringListSettings	`map<string, list<string>>`		default
20	priorities	`list<job.PriorityLevel>`		optional

Struct: AuthTokenMetaResult

Key	Field	Type	Requiredness
1	userId	`string`	default
2	creatorId	`string`	default
3	createdAt	`i64`	default
4	userEmail	`string`	optional
5	creatorEmail	`string`	optional
6	revokedAt	`i64`	optional
7	revokedById	`string`	optional
8	revokedByEmail	`string`	optional
9	token	`string`	optional
10	userName	`string`	optional
11	creatorName	`string`	optional
12	revokedByName	`string`	optional

Struct: LoginResult

Key	Field	Type	Description	Requiredness
1	authToken	`string`		default
2	currentUser	`user.User`		default
3	teamIdToTeamRole	`map<string, list<user.TeamRole>>`	Map of all the roles currentUser has across all the teams she is a part of	default
4	teamIdToRegionId	`map<string, string>`	The following two maps indicate the API host to contact for customers with non-US deployments. Every team is located on one region, and the maps specify which region each of the teams you can access are located, and for each of them what the relevant hostnames are.	default
5	regionIdToRegion	`map<string, team.Region>`		default
6	preferredRegionId	`string`		default
7	periods	`AuthPeriods`		default
8	teamIdToJobPermissions	`map<string, job_role.JobPermissions>`		default
9	teamIdToInfo	`map<string, TeamInfo>`		default
10	mothershipCertificate	`string`	This is a server signed certificate you can use to authenticate other people's certificate in mesh mode	optional
11	userCertificate	`string`	If you requested the server to sign a certificate this response will have the PEM encoded cert	optional
12	sessionId	`string`	Session ID for the current login (also encoded in the authToken)	default
13	proxyUserEmail	`string`	Logged in through the crendentials of this (super admin) user	optional
14	currentUserModular	`user.UserModular`		default
15	userPinHash	`string`	* The hash of the user pin if there is one *	optional

Struct: WebSSOAuth

Key	Field	Type	Description	Requiredness	Default value
1	url	`string`	relative URL on MotherShip to send browser to to begin (includes a query token)	default

Struct: PasswordAuth

Key	Field	Type	Description	Requiredness	Default value

currently a sentinel type, but could also be used to pass any extra useful details about the password authentication (eg, minimum length)

Struct: IdpAuth

Key	Field	Type	Description	Requiredness
1	idpAlias	`string`	Identity provider alias for IDP brokering	optional
2	issuer	`string`		optional
3	authorizationEndpoint	`string`		optional
4	tokenEndpoint	`string`		optional
5	isMultiTeam	`bool`		optional
6	endSessionEndpoint	`string`		optional

Struct: ValidAuthTypes

Key	Field	Type	Requiredness
1	passwordAuth	`PasswordAuth`	optional
2	webSSO	`WebSSOAuth`	optional
3	isAutomaticallyProvisioned	`bool`	optional
4	isSSO	`bool`	optional
5	idpAuth	`IdpAuth`	optional
6	isIdpAuth	`bool`	optional

Struct: LoginOptions

Key	Field	Type	Description	Requiredness	Default value
1	certificateSigningRequest	`string`	Send up a PEM encoded certificate signing request for mothership to sign You can then use this certificate later on prove your authenticity to other people. Mothership will override any parameters it sees fit (will use same public key) So always use the LoginResult#userCertificate you get back down	optional
2	proxiedUserEmail	`string`	Login as this user, but with a proxy super admin account If the account is not a super admin, the login would be rejected The returned token and user will be the proxied user's, with the `proxyUserEmail` set to the admin's email	optional

Struct: LoginTeamInfo

Key	Field	Type	Description	Requiredness	Default value
1	name	`string`		default
2	teamId	`string`		default

Struct: TeamSelectResult

Key	Field	Type	Description	Requiredness	Default value
1	loginResult	`LoginResult`		optional
2	teamInfo	`list<LoginTeamInfo>`		optional

Struct: SSORequest

Key	Field	Type	Requiredness
1	provider	`SSOProvider`	required
2	token	`string`	optional
3	parameter	`string`	optional

Services

Service: AuthenticationService

Function: AuthenticationService.login

LoginResult login(string email,
                  string password,
                  LoginOptions options)
    throws common.SystemException

NOAUTH HIDE_ARG{options}

Function: AuthenticationService.loginWithSSO

LoginResult loginWithSSO(SSORequest request)
    throws common.SystemException

Validates a token gotten by a third party service and returns a Parsable auth token. Provider: which provider is used for authenticate. Token: the token to validate with the provider. Options: Provider specific

Function: AuthenticationService.loginWithTeamSelect

TeamSelectResult loginWithTeamSelect(string email,
                                     string password,
                                     LoginOptions options)
    throws common.SystemException

This endpoint checks if the user is on multiple teams. If they are it returns a list of teams to select from or if the user is only on a single team they will be logged in

Function: AuthenticationService.loginWithIdp

LoginResult loginWithIdp(LoginOptions options)
    throws common.SystemException

Parses a Parsable IDP Authorization header Bearer token. Returns a Parsable auth token.

Function: AuthenticationService.loginWithIdpAndTeam

LoginResult loginWithIdpAndTeam(string teamId,
                                LoginOptions options)
    throws common.SystemException

Parses a Parsable IDP Authorization header Bearer token. Returns a Parsable auth token. TeamId is required.

Function: AuthenticationService.loginWithIdpAndTeamSelect

TeamSelectResult loginWithIdpAndTeamSelect(LoginOptions options)
    throws common.SystemException

* Parses a Parsable IDP Authorization header Bearer token. If the user belongs to multiple teams this returns a list of teams to select from. * If the user is only on a single team they will be logged in.

Function: AuthenticationService.logout

void logout()
    throws common.SystemException

Logout

Function: AuthenticationService.createTeamToken

LoginResult createTeamToken(string teamId)
    throws common.SystemException

Exchange a token for a token with a teamId *

Function: AuthenticationService.loginWithToken

LoginResult loginWithToken(string authToken)
    throws common.SystemException