Single Sign On
This SSO system assumes that Snapper Grape is the master of all user data, and that the client needs to be logged in directly to Snapper Grape. This should only be necessary if you communicate with the API server-to-server and the end user needs to access Snapper Grape directly at some point, e.g. to start an e-course.
See the sequence diagram below, which describes how the SSO system is intended to work.
Logs a user in to Snapper Grape.
String. User name for user trying to log in.
String. Password for user trying to log in.
Int. Must be set to 1 in order for the underlying security system to log the user in.
String. URL to redirect to after successful login. Redirect is not done in this call, but if we are using SSO, the value of forward_url is relayed.
Single Login object.
Validates whether the user has a valid session in Snapper Grape. For use in SSO with a third-party system, where Snapper Grape is master. Note that this is not a normal JSON request: it actually redirects the client in order to make SSO happen.
String. User name of user in question.
String. Short-lived hash, delivered by the login call.
String. URL to forward to after successful negotiation.
Redirect or error object
Log out of Snapper Grape.
String. URL to forward to after successful logout. Simply relayed to the output.
Single Logout object.
Anyone, but only makes sense when logged in.
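
The forward URL is relayed through the login call and then used as the redirect target after validation and logout, so the integrating server can check it before passing it on. The following is an added example, not part of the Snapper Grape documentation: the function name safe_forward_url, the allowlisted hosts and the default URL are constructed for illustration, and it assumes the integrating server knows in advance which hosts users should land on.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hosts the integrating site expects users to land on.
ALLOWED_HOSTS = {"courses.example.com", "portal.example.com"}
# Constructed fallback used whenever the supplied value is rejected.
DEFAULT_URL = "https://portal.example.com/"


def safe_forward_url(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_URL):
    """Return candidate if it is an absolute https URL on an allowed host, else default."""
    if not isinstance(candidate, str) or not candidate:
        return default
    # Browsers treat backslashes like slashes and drop control characters,
    # so a value containing them may resolve differently than it parses here.
    if "\\" in candidate or any(ord(c) < 0x21 or ord(c) == 0x7F for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    # Relative and scheme-relative values have an empty scheme and are rejected.
    if parts.scheme != "https":
        return default
    # Reject userinfo: in "https://portal.example.com@other.test/" the host is other.test.
    if parts.username is not None or parts.password is not None:
        return default
    if port not in (None, 443):
        return default
    # Exact host match only; a suffix match would accept look-alike parent domains.
    if (parts.hostname or "") not in allowed_hosts:
        return default
    return candidate
```

Call it on the value you intend to send as forward_url, and send the returned value instead of the raw input.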