Authentication REST Interface

All requests, except those to the /token resource, must include the access token in the Authorization header.

OAuth2 Information

Get general information about this OAuth2 identity provider.

Client list

GET /clients

Get a list of active clients.

Request
Headers
Content-Type: application/json
Accept: application/json
Response  200
Headers
Content-Type: application/json
Body
[
  {
    "clientId": "adfiowerj9",
    "name": "Samply MDR",
    "description": "The central Samply MDR",
    "redirectUrl": "https://mdr.samply.de/",
    "type": "MDR"
  }
]
Schema
{
  "type": "array",
  "$schema": "http://json-schema.org/draft-04/schema#"
}

Keys

GET /certs

Get the public keys used in Samply Auth.

Request
Headers
Content-Type: application/json
Accept: application/json
Response  200
Headers
Content-Type: application/json
Body
[
  {
    "keyType": "RSA",
    "use": "sig",
    "keyId": "1",
    "n": "MEF43AB10F...",
    "e": "AQAB",
    "derFormat": "MIICIjANBgkqhkiG9w0BAQE...",
    "base64DerFormat": "MIICIjANBgkqhkiG9w0BAQEFAA..."
  }
]
Schema
{
  "type": "array",
  "$schema": "http://json-schema.org/draft-04/schema#"
}

OAuth2

Get an access token

POST /token

Get a new access token, id token and refresh token.

Request
Headers
Content-Type: application/json
Accept: application/json
Body
{
  "code": "adfwerwer",
  "client_id": "abc",
  "client_secret": "ghz",
  "signature": "afsdfwre",
  "refresh_token": "eysdfre"
}
Schema
{
  "type": "object",
  "properties": {
    "code": {
      "type": "string",
      "description": "The random code from the redirect"
    },
    "client_id": {
      "type": "string",
      "description": "Your client ID"
    },
    "client_secret": {
      "type": "string",
      "description": "Your client secret. Use this attribute and the code to get a new access token"
    },
    "signature": {
      "type": "string",
      "description": "The base64 encoded signature of the code. Use this attribute if you want to use your private key for authentication."
    },
    "refresh_token": {
      "type": "string",
      "description": "The refresh token you got earlier from Samply Auth. Use this attribute if you want to use your previously obtained refresh token to get a new access token."
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  200
Headers
Content-Type: application/json
Body
{
  "access_token": "eysdfwer234wr.sfdsdfwer....",
  "id_token": "eysdfwerfdg",
  "refresh_token": "eysdfertwt"
}
Schema
{
  "type": "object",
  "properties": {
    "access_token": {
      "type": "string",
      "description": "The signed JWT access token"
    },
    "id_token": {
      "type": "string",
      "description": "The signed JWT ID token, that contains information about the user, like his real name"
    },
    "refresh_token": {
      "type": "string",
      "description": "The signed refresh token, that you can use to get a new access token."
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  400

No payload or the refresh token is not valid

Response  401

Your client has been disabled (code) or the user has been disabled (signature)

Response  403

The provided refresh token is not valid

Response  404

The client ID, client secret or code are unknown or the sign request is unknown

Get a sign request

POST /sign_request

Get a code that you can sign to get an access token.

Request
Headers
Content-Type: application/json
Accept: application/json
Body
{
  "keyId": 123,
  "sha512Hash": "abdc545"
}
Schema
{
  "type": "object",
  "properties": {
    "keyId": {
      "type": "number",
      "description": "Your key ID"
    },
    "sha512Hash": {
      "type": "string",
      "description": "The SHA512 hash of your public key. Use this if you do not know your key ID"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  200
Headers
Content-Type: application/json
Body
{
  "code": "asdwer",
  "expirationDate": 123234234,
  "algoritm": "SHA512withRSA"
}
Schema
{
  "type": "object",
  "properties": {
    "code": {
      "type": "string",
      "description": "The code that you must sign"
    },
    "expirationDate": {
      "type": "number",
      "description": "The expiration date of this sign request"
    },
    "algoritm": {
      "type": "string",
      "description": "The signature algorithm that you must use"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  404

The key could not be found.
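
The key-based flow across POST /sign_request and POST /token, as an added example that is not part of the Samply Auth documentation or code base. Java's "SHA512withRSA" is RSASSA-PKCS1-v1_5 with SHA-512, written out here with the standard library only so it runs offline; a real client would use a vetted crypto library and its registered key. Assumptions: the UTF-8 bytes of `code` are what gets signed, `code` plus `signature` are sufficient in the /token body, and the function names and demo key are constructed for illustration.

```python
import base64
import hashlib

# DER DigestInfo prefix for SHA-512 (RFC 8017, section 9.2).
SHA512_DIGEST_INFO = bytes.fromhex("3051300d060960864801650304020305000440")

# Constructed demo key from two Mersenne primes so the example runs offline.
# It is NOT a secure key; a registered client would load its own private key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def encode_pkcs1_v15(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-512(message)."""
    t = SHA512_DIGEST_INFO + hashlib.sha512(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(message: bytes) -> bytes:
    m = int.from_bytes(encode_pkcs1_v15(message), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Server-side check: re-encode the message and compare to sig^e mod n."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == encode_pkcs1_v15(message)


def build_token_request(sign_request: dict, now: float) -> dict:
    """Turn a /sign_request response into a /token request body."""
    # Field name "algoritm" is spelled as in the page's schema.
    # Pin the algorithm: never sign under one the client did not expect.
    if sign_request["algoritm"] != "SHA512withRSA":
        raise ValueError("unexpected signature algorithm")
    # `now` must use the same unit as expirationDate (not stated on the page).
    if sign_request["expirationDate"] <= now:
        raise ValueError("sign request has expired")
    code = sign_request["code"]
    signature = sign(code.encode("utf-8"))  # assumption: UTF-8 bytes are signed
    return {"code": code, "signature": base64.b64encode(signature).decode("ascii")}
```
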

Get data about the token

GET /tokeninfo

Request
Headers
Authorization: Bearer eyfswer....
Accept: application/json
Response  200
Headers
Content-Type: application/json
Body
{
  "expirationDate": 123123,
  "subject": "https://test.de/users/5",
  "scope": [
    "mdr",
    "openid",
    "login",
    "formrepository"
  ],
  "nonce": "asdfsdfwr",
  "notBeofre": 123123,
  "issuer": "https://auth.samply.de"
}
Schema
{
  "type": "object",
  "properties": {
    "expirationDate": {
      "type": "number",
      "description": "Expiration date of the access token"
    },
    "subject": {
      "type": "string",
      "description": "The subject of the access token"
    },
    "scope": {
      "type": "array",
      "description": "The list of scopes from the access token"
    },
    "nonce": {
      "type": "string",
      "description": "A random string"
    },
    "notBeofre": {
      "type": "number",
      "description": "The date before which the access token must be rejected"
    },
    "issuer": {
      "type": "string",
      "description": "The issuer of the access token"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  403

The given access token is not valid

Get data about the user

GET /userinfo

Request
Headers
Authorization: Bearer eyfswer....
Accept: application/json
Response  200
Headers
Content-Type: application/json
Body
{
  "real_name": "Max Mustermann",
  "contact_information": "Phone: 01234/5678",
  "locality": {
    "id": "UNIMAINZ",
    "name": "Universitäts Medizin Mainz",
    "description": "Der Standort Universitätsmedizin Mainz im DKTK"
  },
  "email": "max@mustermann.de",
  "email_verified": true
}
Schema
{
  "type": "object",
  "properties": {
    "real_name": {
      "type": "string",
      "description": "The real name of the user"
    },
    "contact_information": {
      "type": "string",
      "description": "The contact information"
    },
    "locality": {
      "type": "object",
      "properties": {
        "id": {
          "type": "string",
          "description": "The identifier for this locality"
        },
        "name": {
          "type": "string",
          "description": "The name of the locality"
        },
        "description": {
          "type": "string",
          "description": "The description of the locality"
        }
      },
      "description": "The locality of the user"
    },
    "email": {
      "type": "string",
      "description": "The user's email address"
    },
    "email_verified": {
      "type": "boolean",
      "description": "If true, the user has verified his email address"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  403

The given access token is not valid

Search for users

GET /users/search{?query}

Parameters
query
string (required) Example: Max

The name or email address that you want to search for

Request
Headers
Authorization: Bearer eyfswer....
Accept: application/json
Response  200
Headers
Content-Type: application/json
Body
[
  {
    "real_name": "Max Mustermann",
    "contact_information": "Phone: 01234/5678",
    "locality": {
      "id": "UNIMAINZ",
      "name": "Universitäts Medizin Mainz",
      "description": "Der Standort Universitätsmedizin Mainz im DKTK"
    },
    "email": "max@mustermann.de",
    "email_verified": true
  }
]
Schema
{
  "type": "array",
  "$schema": "http://json-schema.org/draft-04/schema#"
}

Registration

Register your Registry

POST /register

Register your Registry, Bridgehead or Share Client at Samply Auth. In the end this request creates a new user in Samply Auth.

Request
Headers
Content-Type: application/json
Accept: application/json
Body
{
  "email": "admin@osse.rare",
  "name": "Registry for Rare diseases",
  "description": "OSSE",
  "base64EncodedPublicKey": "MIIsdfwer"
}
Schema
{
  "type": "object",
  "properties": {
    "email": {
      "type": "string",
      "description": "The admin's email address"
    },
    "name": {
      "type": "string",
      "description": "A human readable name for your registry"
    },
    "description": {
      "type": "string",
      "description": "A description of the application that uses this key"
    },
    "base64EncodedPublicKey": {
      "type": "string",
      "description": "Your base64+DER encoded public key"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  200
Headers
Content-Type: application/json
Body
{
  "userId": 345,
  "keyId": 12313
}
Schema
{
  "type": "object",
  "properties": {
    "userId": {
      "type": "number",
      "description": "Your user ID"
    },
    "keyId": {
      "type": "number",
      "description": "Your public key ID"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Response  409

A user with this email address already exists

Response  400

No payload or the given key is not a base64+DER formatted public RSA key

Response  501

The registration has been disabled

Generated by aglio on 11 Sep 2015