# authentication

OAuth2 authentication.

# POST /auth/logout

# Parameters

  • No parameters...

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/logout

# POST /auth/login

OAuth 2 authentication via HTTP basic authentication; see Section 4.4 of RFC 6749 for details.

# Parameters

  • grant_type (string, formData, optional): OAuth 2 grant type, must be set to "client_credentials" for this endpoint.

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/login

# Response 200

  • access_token (string, optional): Access token, should be handled as an opaque value as the format may change in the future.
  • token_type (string, optional): OAuth2 token type, always "bearer".
  • expires_in (number, optional): Duration in seconds.
  • roles (array, optional): All roles of the user the token is associated with.
  • userId (integer, optional): Internal id of the user this token is associated with.
  • passwordWasNeverChanged (boolean, optional): Set if the user never changed their password.

# Example response

{
  "access_token": "string",
  "token_type": "string",
  "expires_in": 0,
  "roles": [
    "string"
  ],
  "userId": 0,
  "passwordWasNeverChanged": true
}
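
The following Python example is added here and is not part of the original API reference or of croit's own code. It builds the /auth/login request, checks the documented response fields, and prepares a /auth/token-info call; the function names, the sample response values, and sending the token as an `Authorization: Bearer` header (RFC 6750) are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

BASE_URL = "http://mgmt-node:8080/api"  # management node URL used on this page
# Constructed sample response (values are made up, fields follow the page).
SAMPLE = ('{"access_token": "opaque-example", "token_type": "bearer", "expires_in": 3600,'
          ' "roles": ["ADMIN"], "userId": 1, "passwordWasNeverChanged": true}')

def build_login_request(username, password, base_url=BASE_URL):
    """POST /auth/login: credentials via HTTP Basic, grant type as form data."""
    basic = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        f"{base_url}/auth/login", data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})

def parse_login_response(raw, now=None):
    """Check the documented fields; convert expires_in to an absolute time."""
    doc = json.loads(raw)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("login response has no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return {
        "token": token,  # opaque value: store and send it, never parse it
        "expires_at": now + float(doc.get("expires_in", 0)),
        "roles": list(doc.get("roles", [])),
        # Set if the user never changed their password; callers can force a change.
        "must_change_password": bool(doc.get("passwordWasNeverChanged", False)),
    }

def build_token_info_request(session, base_url=BASE_URL, now=None):
    """GET /auth/token-info; assumes the token goes in an RFC 6750 Bearer header."""
    now = time.time() if now is None else now
    if now >= session["expires_at"]:
        raise RuntimeError("token expired, log in again")
    return urllib.request.Request(
        f"{base_url}/auth/token-info",
        headers={"Authorization": f"Bearer {session['token']}"})

if __name__ == "__main__":
    session = parse_login_response(SAMPLE)
    print(session["roles"], session["must_change_password"])
```

Pass the returned request objects to `urllib.request.urlopen` to send them to a real management node.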

# POST /auth/login-form

OAuth 2 authentication with all parameters sent as a URL-encoded form; see Section 4.3 of RFC 6749 for details.

# Parameters

  • grant_type (string, formData, optional): OAuth 2 grant type, must be set to "password" for this endpoint.
  • username (string, formData, optional): User name of the croit or LDAP user.
  • password (string, formData, optional): Plaintext password.

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/login-form

# Response 200

  • access_token (string, optional): Access token, should be handled as an opaque value as the format may change in the future.
  • token_type (string, optional): OAuth2 token type, always "bearer".
  • expires_in (number, optional): Duration in seconds.
  • roles (array, optional): All roles of the user the token is associated with.
  • userId (integer, optional): Internal id of the user this token is associated with.
  • passwordWasNeverChanged (boolean, optional): Set if the user never changed their password.

# Example response

{
  "access_token": "string",
  "token_type": "string",
  "expires_in": 0,
  "roles": [
    "string"
  ],
  "userId": 0,
  "passwordWasNeverChanged": true
}

# GET /auth/token-info

# Parameters

  • No parameters...

# Endpoint

curl -X GET http://mgmt-node:8080/api/auth/token-info

# Response 200

  • username (string, optional)
  • roles (array, optional)
  • expiry (integer, optional)

# Example response

{
  "username": "string",
  "roles": [
    "string"
  ],
  "expiry": 0
}

# GET /auth/okta/signInConfig

# Parameters

  • No parameters...

# Endpoint

curl -X GET http://mgmt-node:8080/api/auth/okta/signInConfig

# Response 200

  • baseUrl (string, optional)
  • clientId (string, optional)
  • issuer (string, optional)
  • audience (string, optional)
  • mapRoles (object, optional)

# Example response

{
  "baseUrl": "string",
  "clientId": "string",
  "issuer": "string",
  "audience": "string",
  "mapRoles": {}
}

# POST /auth/okta/login

# Parameters

  • body (object, optional)
    • idToken (string, optional)

# Endpoint

curl -X POST http://mgmt-node:8080/api/auth/okta/login

# Example body

{
  "idToken": "string"
}

# Response 200

  • access_token (string, optional): Access token, should be handled as an opaque value as the format may change in the future.
  • token_type (string, optional): OAuth2 token type, always "bearer".
  • expires_in (number, optional): Duration in seconds.
  • roles (array, optional): All roles of the user the token is associated with.
  • userId (integer, optional): Internal id of the user this token is associated with.
  • passwordWasNeverChanged (boolean, optional): Set if the user never changed their password.

# Example response

{
  "access_token": "string",
  "token_type": "string",
  "expires_in": 0,
  "roles": [
    "string"
  ],
  "userId": 0,
  "passwordWasNeverChanged": true
}