Auth Service (2.2.0)

Download OpenAPI specification:Download

This is the spec that defines the API provided by the application to provide auth across the cluster

Auth

Validate Token

Validate if the input token is valid

Responses

200

OK

401

Not Authorized

get/auth/token/validate
http://goauth-service:80/v1/auth/token/validate

Create access token

Create an access token for EFA

Request Body schema: application/json

Credentials to fetch a token

username
string

Name of the user for whom the token has to be generated

password
string

Password for the above user

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

post/auth/token/access-token
http://goauth-service:80/v1/auth/token/access-token

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
  • "username": "admin",
  • "password": "password"
}

Create access token for clients

Create an access token for EFA clients

Request Body schema: application/json

Client Credentials to fetch a token

username
string

Name of the user for whom the token has to be generated

password
string

Password for the above user

clientId
string

ID of the registered client

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

post/auth/token/client-access-token
http://goauth-service:80/v1/auth/token/client-access-token

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
  • "username": "admin",
  • "password": "password"
}

Get access token with refresh token

Get access token with refresh token

Request Body schema: application/json

Refresh token

refresh-token
string

refresh token

grant-type
string

grant type(refresh_token)

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

post/auth/token/refresh
http://goauth-service:80/v1/auth/token/refresh

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
  • "grant-type": "refresh_token",
  • "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Create a key for EFA clients

Create a key for EFA clients

query Parameters
force
required
boolean

Force key regenerate

Request Body schema: application/json

Credentials to fetch a token

clientId
string

ID of the registered client

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

post/auth/token/apikey
http://goauth-service:80/v1/auth/token/apikey

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
  • "clientId": "sdjfdjskjd"
}

Get key for EFA client

Get API key for EFA client

query Parameters
clientId
required
string

Client ID

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

get/auth/token/apikey
http://goauth-service:80/v1/auth/token/apikey

Get Token Expiry Time

Return Token Expiry Time

query Parameters
type
required
string

Type of the token

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

get/auth/token/expiry
http://goauth-service:80/v1/auth/token/expiry

Update Token Expiry Time

Update Token Expiry Time For A Specific Token

Request Body schema: application/json

Type of the EFA token

type
string

Type of the token

hours
integer

Hours for token expiry

minutes
integer

Minutes for token expiry

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

post/auth/token/expiry
http://goauth-service:80/v1/auth/token/expiry

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
  • "type": "ACCESS",
  • "hours": 0,
  • "minutes": 15
}

Get All Tokens Expiry Time

Return All Tokens Expiry Times

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

get/auth/token/expiry/all
http://goauth-service:80/v1/auth/token/expiry/all

Fetch all client details

Fetch all client details configured in the application

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error

default

Unexpected error

get/auth/clientlist
http://goauth-service:80/v1/auth/clientlist

Fetch client details by name

Fetch client details by name

query Parameters
name
required
string

Name of the client

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

get/auth/client
http://goauth-service:80/v1/auth/client

Register a new client

Register a new client to access EFA

Request Body schema: application/json

Details of the client

name
string

Name for the client(tenant name for Openstack clients)

clientType
string

Type of the client(openstack for Openstack clients)

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

post/auth/client
http://goauth-service:80/v1/auth/client

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
  • "name": "tenantname",
  • "clientType": "openstack"
}

Delete a registered client

Delete a registered client by its name

query Parameters
name
required
string

Name of the registered client

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

delete/auth/client
http://goauth-service:80/v1/auth/client

Fetch registered LDAP server details

Fetch LDAP details by name

query Parameters
name
required
string

Name given for the ldap connection

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

get/auth/authenticator/ldap
http://goauth-service:80/v1/auth/authenticator/ldap

Register a new LDAP Server

Register a new LDAP Server for authentication

Request Body schema: application/json

Details of the LDAP Server

name
string

Name for the LDAP connection

primary
required
integer

Set to 1 when multiple LDAP connections are available

host
string

Specify the hostname or IP address

port
string

Specify the port at which the OpenLDAP server is listening for connections

tls
required
boolean

Enable to use LDAP over SSL/TLS

insecure-tls
required
boolean

Enable to use LDAP without cert verification

cacert
string

CA certificate

timeout
required
integer

Duration in number of seconds before considering the server unreachable(defaults to 5 sec)

bind-user-name
string

Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries

bind-user-password
string

Password of the bind user

user-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects.

user-object-class
string

Name of the object class used for user objects(defaults to inetOrgPerson)

user-login-attribute
string

The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid)

user-role-attribute
string

The attribute to read the role of user from

user-role-attribute-key
string

The attribute to read the role value from role attribute

user-member-attribute
string

The attribute to read the member of the group the user is part of

group-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects.

group-object-class
string

Name of the object class used for group objects(defaults to groupOfNames)

group-attribute
string

Attribute to define search filter on group(defaults to cn)

group-member-user-attribute
string

The name of the user attribute whose format matches the group members(defualts to entrydn)

group-member-mapping-attribute
string

The name of the group attribute containing the members of a group(defaults to member)

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.

default

Unexpected error

post/auth/authenticator/ldap
http://goauth-service:80/v1/auth/authenticator/ldap

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
  • "name": "string",
  • "primary": 0,
  • "host": "string",
  • "port": "string",
  • "tls": true,
  • "insecure-tls": true,
  • "cacert": "string",
  • "timeout": 0,
  • "bind-user-name": "string",
  • "bind-user-password": "string",
  • "user-search-base": "string",
  • "user-object-class": "string",
  • "user-login-attribute": "string",
  • "user-role-attribute": "string",
  • "user-role-attribute-key": "string",
  • "user-member-attribute": "string",
  • "group-search-base": "string",
  • "group-object-class": "string",
  • "group-attribute": "string",
  • "group-member-user-attribute": "string",
  • "group-member-mapping-attribute": "string"
}

Update LDAP configuration

Update LDAP configuration for authentication

query Parameters
name
required
string

Name of the registered LDAP Server

Request Body schema: application/json

Details of the LDAP Server

name
string

Name for the LDAP connection

primary
required
integer

Set to 1 when multiple LDAP connections are available

host
string

Specify the hostname or IP address

port
string

Specify the port at which the OpenLDAP server is listening for connections

tls
required
boolean

Enable to use LDAP over SSL/TLS

insecure-tls
required
boolean

Enable to use LDAP without cert verification

cacert
string

CA certificate

timeout
required
integer

Duration in number of seconds before considering the server unreachable(defaults to 5 sec)

bind-user-name
string

Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries

bind-user-password
string

Password of the bind user

user-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects.

user-object-class
string

Name of the object class used for user objects(defaults to inetOrgPerson)

user-login-attribute
string

The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid)

user-role-attribute
string

The attribute to read the role of user from

user-role-attribute-key
string

The attribute to read the role value from role attribute

user-member-attribute
string

The attribute to read the member of the group the user is part of

group-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects.

group-object-class
string

Name of the object class used for group objects(defaults to groupOfNames)

group-attribute
string

Attribute to define search filter on group(defaults to cn)

group-member-user-attribute
string

The name of the user attribute whose format matches the group members(defualts to entrydn)

group-member-mapping-attribute
string

The name of the group attribute containing the members of a group(defaults to member)

Responses

200

OK

401

Authorization information is missing or invalid.

500

Unexpected error.