Authentication REST Interface
All requests must include the access token in the Authorization Header, except the /token
resource.
OAuth2 Information
Get some general information about this OAuth2 identity provider.
Client list
GET /clients
Get a list of active clients.
Headers
Content-Type: application/json
Accept: application/json
200
Headers
Content-Type: application/json
Body
[
{
"clientId": "adfiowerj9",
"name": "Samply MDR",
"description": "The central Samply MDR",
"redirectUrl": "https://mdr.samply.de/",
"type": "MDR"
}
]
Schema
{
"type": "array",
"$schema": "http://json-schema.org/draft-04/schema#"
}
Keys
GET /certs
Get the public keys used in Samply Auth.
Headers
Content-Type: application/json
Accept: application/json
200
Headers
Content-Type: application/json
Body
[
{
"keyType": "RSA",
"use": "sig",
"keyId": "1",
"n": "MEF43AB10F...",
"e": "AQAB",
"derFormat": "MIICIjANBgkqhkiG9w0BAQE...",
"base64DerFormat": "MIICIjANBgkqhkiG9w0BAQEFAA..."
}
]
Schema
{
"type": "array",
"$schema": "http://json-schema.org/draft-04/schema#"
}
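A resource server can use one /certs entry to check a token's signature locally. The following is an added example, not code from Samply Auth; it assumes that `base64DerFormat` is a SubjectPublicKeyInfo structure and that tokens are signed with RS256 (the page names neither), and `verifyWithCert`, `makeToken` and the sample data are hypothetical names built on a throwaway key.

```javascript
// Added example, not Samply code: checking a token's signature with a /certs entry.
const crypto = require('node:crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');

// Verify a compact JWT against one entry of the GET /certs array.
// Assumptions: base64DerFormat is SubjectPublicKeyInfo DER, tokens are
// RS256-signed, and the caller already knows which keyId it trusts.
function verifyWithCert(token, certs, keyId) {
  const entry = certs.find((c) => c.keyId === keyId && c.keyType === 'RSA' && c.use === 'sig');
  if (!entry) throw new Error(`no RSA signing key with keyId ${keyId}`);
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  // Pin the algorithm: the token header must not be able to pick "none" or an HMAC.
  if (header.alg !== 'RS256') throw new Error(`refusing alg ${header.alg}`);
  const key = crypto.createPublicKey({
    key: Buffer.from(entry.base64DerFormat, 'base64'), format: 'der', type: 'spki',
  });
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), key,
    Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Only now is the payload trustworthy enough to parse and return.
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Constructed test data: a throwaway key pair stands in for the server's key.
const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleCerts = [{
  keyType: 'RSA', use: 'sig', keyId: '1',
  base64DerFormat: pair.publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
}];

// Helper that plays the issuer for the constructed token below.
function makeToken(header, payload) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), pair.privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const goodToken = makeToken({ alg: 'RS256' }, { sub: 'https://test.de/users/5' });
console.log(verifyWithCert(goodToken, sampleCerts, '1'));
```

Signature verification is only the first step; expiry, not-before, issuer and scope still have to be checked on the returned payload.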
OAuth2
Get an access token
POST /token
Get a new access token, id token and refresh token.
Headers
Content-Type: application/json
Accept: application/json
Body
{
"code": "adfwerwer",
"client_id": "abc",
"client_secret": "ghz",
"signature": "afsdfwre",
"refresh_token": "eysdfre"
}
Schema
{
"type": "object",
"properties": {
"code": {
"type": "string",
"description": "The random code from the redirect"
},
"client_id": {
"type": "string",
"description": "Your client ID"
},
"client_secret": {
"type": "string",
"description": "Your client secret. Use this attribute and the code to get a new access token"
},
"signature": {
"type": "string",
"description": "The base64 encoded signature of the code. Use this attribute if you want to use your private key for authentication."
},
"refresh_token": {
"type": "string",
"description": "The refresh token you got earlier from Samply Auth. Use this attribute if you want to use your previously obtained refresh token to get a new access token."
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
200
Headers
Content-Type: application/json
Body
{
"access_token": "eysdfwer234wr.sfdsdfwer....",
"id_token": "eysdfwerfdg",
"refresh_token": "eysdfertwt"
}
Schema
{
"type": "object",
"properties": {
"access_token": {
"type": "string",
"description": "The signed JWT access token"
},
"id_token": {
"type": "string",
"description": "The signed JWT ID token, that contains information about the user, like his real name"
},
"refresh_token": {
"type": "string",
"description": "The signed refresh token, that you can use to get a new access token."
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
400
No payload or the refresh token is not valid
401
Your client has been disabled (code) or the user has been disabled (signature)
403
The provided refresh token is not valid
404
The client ID, client secret or code are unknown or the sign request is unknown
Get a sign request
POST /sign_request
Get a code that you can sign to get an access token.
Headers
Content-Type: application/json
Accept: application/json
Body
{
"keyId": 123,
"sha512Hash": "abdc545"
}
Schema
{
"type": "object",
"properties": {
"keyId": {
"type": "number",
"description": "Your key ID"
},
"sha512Hash": {
"type": "string",
"description": "The SHA512 hash of your public key. Use this if you do not know your key ID"
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
200
Headers
Content-Type: application/json
Body
{
"code": "asdwer",
"expirationDate": 123234234,
"algoritm": "SHA512withRSA"
}
Schema
{
"type": "object",
"properties": {
"code": {
"type": "string",
"description": "The code that you must sign"
},
"expirationDate": {
"type": "number",
"description": "The expiration date of this sign request"
},
"algoritm": {
"type": "string",
"description": "The signature algorithm that you must use"
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
404
The key could not be found.
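The private-key login that /sign_request and the `signature` attribute of /token describe, shown from the client side as an added example that is not part of the original documentation or of Samply Auth. It sends nothing over the network and uses a throwaway key pair. Assumptions: `SHA512withRSA` means RSA PKCS#1 v1.5 over SHA-512 (its meaning in Java), the signature covers the UTF-8 bytes of `code`, `expirationDate` is in milliseconds, `sha512Hash` is the hex digest of the DER-encoded key, and `code` plus `signature` are the only attributes needed; the function names are hypothetical.

```javascript
// Added example, not Samply code: client side of the private-key login.
const crypto = require('node:crypto');

// Throwaway key pair (constructed); a real client loads the key it registered.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const publicDer = publicKey.export({ type: 'spki', format: 'der' });

// Body for POST /sign_request when the key ID is unknown.
// Assumption: sha512Hash is the hex SHA-512 of the DER-encoded public key.
function buildSignRequest(der) {
  return { sha512Hash: crypto.createHash('sha512').update(der).digest('hex') };
}

// Body for POST /token, built from a /sign_request response.
// Assumptions: the signature covers the UTF-8 bytes of `code`, expirationDate
// is in milliseconds, and code + signature are the only attributes needed.
function buildTokenRequest(signResponse, key, now = Date.now()) {
  // The response spells the field "algoritm"; accept only the expected scheme.
  if (signResponse.algoritm !== 'SHA512withRSA') {
    throw new Error(`unexpected signature algorithm: ${signResponse.algoritm}`);
  }
  if (signResponse.expirationDate <= now) {
    throw new Error('sign request has expired, ask for a new one');
  }
  // For an RSA key, crypto.sign('sha512', ...) is RSASSA-PKCS1-v1_5 with
  // SHA-512, which is what Java calls SHA512withRSA.
  const signature = crypto.sign('sha512', Buffer.from(signResponse.code, 'utf8'), key);
  return { code: signResponse.code, signature: signature.toString('base64') };
}

// Constructed /sign_request response; the values are illustrative.
const sampleSignResponse = {
  code: 'asdwer',
  expirationDate: Date.now() + 60_000,
  algoritm: 'SHA512withRSA',
};
const tokenRequest = buildTokenRequest(sampleSignResponse, privateKey);

// The check the server side is expected to make with the registered public key.
function signatureIsValid(body, pub) {
  return crypto.verify('sha512', Buffer.from(body.code, 'utf8'), pub,
    Buffer.from(body.signature, 'base64'));
}

console.log(buildSignRequest(publicDer), tokenRequest, signatureIsValid(tokenRequest, publicKey));
```

The private key never leaves the client: only the signed one-time code is sent, and an expired or unexpectedly typed sign request is refused before anything is signed.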
Get data about the token
GET /tokeninfo
Headers
Authorization: Bearer eyfswer....
Accept: application/json
200
Headers
Content-Type: application/json
Body
{
"expirationDate": 123123,
"subject": "https://test.de/users/5",
"scope": [
"mdr",
"openid",
"login",
"formrepository"
],
"nonce": "asdfsdfwr",
"notBeofre": 123123,
"issuer": "https://auth.samply.de"
}
Schema
{
"type": "object",
"properties": {
"expirationDate": {
"type": "number",
"description": "Expiration date of the access token"
},
"subject": {
"type": "string",
"description": "The subject of the access token"
},
"scope": {
"type": "array",
"description": "The list of scopes from the access token"
},
"nonce": {
"type": "string",
"description": "A random string"
},
"notBeofre": {
"type": "number",
"description": "The date before which the access token must be rejected"
},
"issuer": {
"type": "string",
"description": "The issuer of the access token"
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
403
The given access token is not valid
Get data about the user
GET /userinfo
Headers
Authorization: Bearer eyfswer....
Accept: application/json
200
Headers
Content-Type: application/json
Body
{
"real_name": "Max Mustermann",
"contact_information": "Phone: 01234/5678",
"locality": {
"id": "UNIMAINZ",
"name": "Universitäts Medizin Mainz",
"description": "Der Standort Universitätsmedizin Mainz im DKTK"
},
"email": "max@mustermann.de",
"email_verified": true
}
Schema
{
"type": "object",
"properties": {
"real_name": {
"type": "string",
"description": "The real name of the user"
},
"contact_information": {
"type": "string",
"description": "The contact information"
},
"locality": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The identifier for this locality"
},
"name": {
"type": "string",
"description": "The name of the locality"
},
"description": {
"type": "string",
"description": "The description of the locality"
}
},
"description": "The locality of the user"
},
"email": {
"type": "string",
"description": "The user's email address"
},
"email_verified": {
"type": "boolean",
"description": "If true, the user has verified his email address"
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
403
The given access token is not valid
Search for users
GET /users/search{?query}
- query
string
(required) Example: Max
The name or email address that you want to search for
Headers
Authorization: Bearer eyfswer....
Accept: application/json
200
Headers
Content-Type: application/json
Body
[
{
"real_name": "Max Mustermann",
"contact_information": "Phone: 01234/5678",
"locality": {
"id": "UNIMAINZ",
"name": "Universitäts Medizin Mainz",
"description": "Der Standort Universitätsmedizin Mainz im DKTK"
},
"email": "max@mustermann.de",
"email_verified": true
}
]
Schema
{
"type": "array",
"$schema": "http://json-schema.org/draft-04/schema#"
}
Registration
Register your Registry
POST /register
Register your Registry, Bridgehead or Share Client at Samply Auth. In the end this request creates a new user in Samply Auth.
Headers
Content-Type: application/json
Accept: application/json
Body
{
"email": "admin@osse.rare",
"name": "Registry for Rare diseases",
"description": "OSSE",
"base64EncodedPublicKey": "MIIsdfwer"
}
Schema
{
"type": "object",
"properties": {
"email": {
"type": "string",
"description": "The admin's email address"
},
"name": {
"type": "string",
"description": "A human readable name for your registry"
},
"description": {
"type": "string",
"description": "A description of the application that uses this key"
},
"base64EncodedPublicKey": {
"type": "string",
"description": "Your base64+DER encoded public key"
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
200
Headers
Content-Type: application/json
Body
{
"userId": 345,
"keyId": 12313
}
Schema
{
"type": "object",
"properties": {
"userId": {
"type": "number",
"description": "Your user ID"
},
"keyId": {
"type": "number",
"description": "Your public key ID"
}
},
"$schema": "http://json-schema.org/draft-04/schema#"
}
409
A user with this email address already exists
400
No payload or the given key is not a base64+DER formatted public RSA key
501
The registration has been disabled