Single Sign On

This SSO system assumes that Snapper Grape is the master of all user data and that the client needs to be logged in directly to Snapper Grape. This should only be necessary if you communicate with the API server-to-server and the end user needs to access Snapper Grape directly at some point, e.g. to start an e-course.

See the sequence diagram below, which describes how the SSO system is intended to work.

[Sequence diagram: SSO flow]

POST /api/login

Description

Logs a user in to Snapper Grape.

Parameters

user_name

String. User name for user trying to log in.

password

String. Password for user trying to log in.

login

Int. Must be set to 1 in order for the underlying security system to log the user in.

forward_url

String. URL to redirect to after successful login. Redirect is not done in this call, but if we are using SSO, the value of forward_url is relayed.

Return

Single Login object.

Security

Anyone

GET /api/validate

Description

Validates whether the user has a valid session in Snapper Grape. For use in SSO with a third-party system where Snapper Grape is master. Note that this is not a normal JSON request: it actually redirects the client in order to make SSO happen.

Parameters

user_name

String. User name of user in question.

hash

String. Short-lived hash, delivered by the login call.

forward_url

String. URL to forward to after successful negotiation.

Return

Redirect or error object

Security

Anyone
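The login and validate calls above, seen from the integrating server, as an added example that is not Snapper Grape's own code: it builds the POST /api/login body and the GET /api/validate URL the browser is sent to, and restricts forward_url to allowlisted https hosts because that value ends up as a redirect target. The base URL, the allowlist, and the "hash" key in the Login object are assumptions.

```python
from urllib.parse import urlencode, urlsplit

# Assumptions (not from the Snapper Grape docs): the base URL, the allowlisted
# hosts, and that the Login object exposes the short-lived hash as "hash".
BASE_URL = "https://snapper.example.com"
ALLOWED_FORWARD_HOSTS = {"snapper.example.com", "portal.example.com"}


def safe_forward_url(url):
    """Return url if it is an https URL on an allowlisted host, else raise."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("forward_url must use https")
    if parts.username or parts.password:
        raise ValueError("forward_url must not carry userinfo")
    if parts.hostname not in ALLOWED_FORWARD_HOSTS:
        raise ValueError("forward_url host is not allowlisted")
    return url


def login_form(user_name, password, forward_url):
    """Form body for the server-to-server POST /api/login call."""
    return {
        "user_name": user_name,
        "password": password,
        "login": 1,  # must be 1 for the user to be logged in
        "forward_url": safe_forward_url(forward_url),
    }


def validate_redirect(user_name, login_obj, forward_url):
    """URL the end user's browser is redirected to (GET /api/validate)."""
    short_lived_hash = login_obj.get("hash")
    if not short_lived_hash:
        raise ValueError("login response carries no hash")
    # urlencode percent-encodes every value, so characters in the hash or in
    # forward_url cannot add or override query parameters.
    query = urlencode({
        "user_name": user_name,
        "hash": short_lived_hash,
        "forward_url": safe_forward_url(forward_url),
    })
    return f"{BASE_URL}/api/validate?{query}"
```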

GET /api/logout

Description

Log out of Snapper Grape.

Parameters

forward_url

String. URL to forward to after successful logout. Simply relayed to the output.

Return

Single Logout object.

Security

Anyone, but only makes sense when logged in.

POST /api/forgot_password

Description

Resets a user's password.

Parameters

identification

String. Identification of user to change password for. Can be user name, email or mobile.

Return

Simple object containing two attributes: valid (boolean) and message (String)

Security

Anyone