Single Sign On
This SSO system assumes that Snapper Grape is master of all user data, and that the client needs to be logged directly in to Snapper Grape. This should only be necessary if you communicate with the API server-to-server, and the end user needs to access Snapper Grape directly at some point, e.g. to start an e-course.
See the sequence diagram below, which describes how the SSO system is intended to work.

POST /api/login
Description
Logs a user in to Snapper Grape.
Parameters
user_name
String. User name for user trying to log in.
password
String. Password for user trying to log in.
login
Int. Must be set to 1 in order for the underlying security system to log the user in.
forward_url
String. URL to redirect to after successful login. Redirect is not done in this call, but if we are using SSO, the value of forward_url is relayed.
Return
Single Login object.
Security
Anyone
GET /api/validate
Description
Validates whether the user has a valid session in Snapper Grape. For use in SSO with a third-party system, where Snapper Grape is master. Note that this is not a normal JSON request; it actually redirects the client in order to make SSO happen.
Parameters
user_name
String. User name of user in question.
hash
String. Short-lived hash, delivered by the login call.
forward_url
String. URL to forward to after successful negotiation.
Return
Redirect or error object
Security
Anyone
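The login-then-validate handoff described above, seen from the third-party server, as an added example that is not part of the Snapper Grape documentation. It builds the two requests and pins forward_url to hosts the integrator controls before relaying it; the base URL, the allowed host list, the form encoding of the POST body and all function names are assumptions.

```python
from urllib.parse import urlencode, urlsplit

# Assumptions (not from the Snapper Grape documentation):
BASE_URL = "https://snappergrape.example"    # placeholder API host
ALLOWED_FORWARD_HOSTS = {"portal.example"}   # hosts the integrator controls


def check_forward_url(forward_url):
    """Return forward_url unchanged if it is an https URL on an allowed host."""
    parts = urlsplit(forward_url)
    if parts.scheme != "https":
        raise ValueError("forward_url must use https")
    if parts.username or parts.password:
        raise ValueError("forward_url must not carry credentials")
    if parts.hostname not in ALLOWED_FORWARD_HOSTS:
        raise ValueError("forward_url host is not allowed")
    return forward_url


def build_login_request(user_name, password, forward_url):
    """Server-to-server step: URL and body for POST /api/login."""
    body = urlencode({
        "user_name": user_name,
        "password": password,
        "login": 1,  # must be 1 for the user to be logged in
        "forward_url": check_forward_url(forward_url),
    })  # form encoding is an assumption; the page does not specify it
    return BASE_URL + "/api/login", body


def build_validate_redirect(user_name, login_hash, forward_url):
    """Browser step: GET /api/validate URL the end user is redirected to."""
    query = urlencode({
        "user_name": user_name,
        "hash": login_hash,  # short-lived hash delivered by the login call
        "forward_url": check_forward_url(forward_url),
    })
    return BASE_URL + "/api/validate?" + query


if __name__ == "__main__":
    # Constructed sample values; a real hash comes from the Login object.
    target = "https://portal.example/course/1"
    print("POST", *build_login_request("alice", "s3cret", target))
    print("302 ->", build_validate_redirect("alice", "CONSTRUCTED-HASH", target))
```

Because the hash is short-lived, the redirect to /api/validate should be issued immediately after the login call returns rather than stored.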
GET /api/logout
Description
Log out of Snapper Grape.
Parameters
forward_url
String. URL to forward to after successful logout. Simply relayed to the output.
Return
Single Logout object.
Security
Anyone, but only makes sense when logged in.