Mod Login Keycloak API (v1)

authtoken

Stub implementation for authtoken and authtoken2 interfaces.

token-legacy

Not Implemented, Deprecated

Will be removed in a future release.

Please use /token/sign instead. Returns a signed, non-expiring legacy access token.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
object

The payload of the token signing request

sub
required
string

The subject (the username) for the user

property name*
additional property
any

Responses

Request samples

Content type
application/json
{
  "payload": { }
}

Response samples

Content type
application/json
{
  "token": "string"
}

token-sign-legacy

Not Implemented

Returns a signed, expiring refresh token. This is a legacy endpoint; it should not be called by new code and will soon be fully deprecated.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
userId
required
string <uuid>

The user id of the request

sub
required
string

The subject (user id) of the request

Responses

Request samples

Content type
application/json
{
  "userId": "2c4a230c-5085-4924-a3e1-25fb4fc5965b",
  "sub": "string"
}

Response samples

Content type
application/json
{
  "token": "string"
}

token-sign

Not Implemented

Returns a signed, expiring access token and refresh token. Also returns the expiration of each token in the body of the response. The access token time to live is 10 minutes and the refresh token is one week.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
required
object

The payload of the token signing request

sub
required
string

The subject (the username) for the user

property name*
additional property
any

Responses

Request samples

Content type
application/json
{
  "payload": { }
}

Response samples

Content type
application/json
{
  "token": "string",
  "refreshToken": "string",
  "accessToken": "string"
}

token-refresh

Not Implemented

Returns a new refresh token and a new access token. Also returns the expiration of each token in the body of the response. Time to live is 10 minutes for the access token and one week for the refresh token.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
refreshToken
required
string

The JWE refresh token

Responses

Request samples

Content type
application/json
{
  "refreshToken": "string"
}

Response samples

Content type
application/json
{
  "token": "string",
  "refreshToken": "string",
  "accessToken": "string"
}

token-invalidate

Not Implemented

Invalidate a single token

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
refreshToken
required
string

The JWE refresh token

Responses

Request samples

Content type
application/json
{
  "refreshToken": "string"
}

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}

token-invalidate-all

Not Implemented

Invalidate all tokens for a user

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Responses

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}

loginAttempts

getLoginAttempts

Get login attempts for a single user

path Parameters
userId
required
string

User identifier

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "userId": "string",
  "lastAttempt": "2019-08-24T14:15:22Z",
  "attemptCount": 0
}

login

login

Get a new login token

header Parameters
userAgent
string

Used to identify the Operating System and Browser of the web-server

forwardedFor
string

HTTP header field commonly used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer

Request Body schema: application/json
required
username
string

Username in the system, case insensitive

userId
string

Unique user id

password
required
string

User password

Responses

Request samples

Content type
application/json
{
  "username": "string",
  "userId": "string",
  "password": "string"
}

Response samples

Content type
application/json
{
  "okapiToken": "string",
  "refreshToken": "string"
}

loginWithExpiry

Get an expiring refresh and access token

header Parameters
userAgent
string

Used to identify the Operating System and Browser of the web-server

forwardedFor
string

HTTP header field commonly used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer

Request Body schema: application/json
required
username
string

Username in the system, case insensitive

userId
string

Unique user id

password
required
string

User password

Responses

Request samples

Content type
application/json
{
  "username": "string",
  "userId": "string",
  "password": "string"
}

Response samples

Content type
application/json
{
  "accessTokenExpiration": "string",
  "refreshTokenExpiration": "string"
}

refreshToken

Get a new refresh and access token

cookie Parameters
folioRefreshToken
required
string

Refresh token cookie

Responses

Response samples

Content type
application/json
{
  "accessTokenExpiration": "string",
  "refreshTokenExpiration": "string"
}

logout

Logs the user out on their current device

cookie Parameters
folioRefreshToken
string

Refresh token cookie

Responses

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}

logoutAll

Logs the user out on all of their devices

Responses

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}

token

Get a new login token from the authorization code

query Parameters
code
required
string

Temporary authentication code

redirect-uri
required
string

Initial URI that was used as the redirect URI when obtaining the authentication code

header Parameters
userAgent
string

Used to identify the Operating System and Browser of the web-server

forwardedFor
string

HTTP header field commonly used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer

Responses

Response samples

Content type
application/json
{
  "accessTokenExpiration": "string",
  "refreshTokenExpiration": "string"
}

credentials

updateCredentials

Self-update existing credentials.

header Parameters
userAgent
string

Used to identify the Operating System and Browser of the web-server

forwardedFor
string

HTTP header field commonly used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer

Request Body schema: application/json
required
username
required
string

username

userId
string

Unique user id

password
required
string

The user's current password, which will be replaced by the new one

newPassword
required
string

New user password

Responses

Request samples

Content type
application/json
{
  "username": "string",
  "userId": "string",
  "password": "string",
  "newPassword": "string"
}

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}

createCredentials

Add a new login to the system.

Request Body schema: application/json
required
username
string

Username in the system, case insensitive

userId
string

Unique user id

password
required
string

User password

Responses

Request samples

Content type
application/json
{
  "username": "string",
  "userId": "string",
  "password": "string"
}

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}

deleteCredentials

Delete credentials for user

query Parameters
userId
required
string

User identifier

Responses

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}

checkCredentialsExistence

Returns a single property 'credentialsExist' set to true if the user has a local password

query Parameters
userId
required
string

User identifier

Responses

Response samples

Content type
application/json
{
  "credentialsExist": true
}

password

validatePasswordRepeatability

Validate password for repeatability

Request Body schema: application/json
required
password
required
string

Password

userId
required
string

User Id

Responses

Request samples

Content type
application/json
{
  "password": "string",
  "userId": "string"
}

Response samples

Content type
application/json
{
  "result": "string"
}

resetPassword

Resets password for user in record and deletes action record

Request Body schema: application/json
required
passwordResetActionId
required
string

Action id for reset password

newPassword
required
string

New password for update

Responses

Request samples

Content type
application/json
{
  "passwordResetActionId": "string",
  "newPassword": "string"
}

Response samples

Content type
application/json
{
  "isNewPassword": true
}

createResetPasswordAction

Saves password reset action to storage

Request Body schema: application/json
required
id
required
string

ID of the password reset action received in the API request

userId
required
string

User ID to register password reset action

expirationTime
required
string <date-time>

password expiration time

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "userId": "string",
  "expirationTime": "2019-08-24T14:15:22Z"
}

Response samples

Content type
application/json
{
  "passwordExists": true
}

getPasswordActionById

Retrieves action record by id

path Parameters
actionId
required
string

Action Identifier

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "userId": "string",
  "expirationTime": "2019-08-24T14:15:22Z"
}

logEvents

getLogEvents

Returns a list of events retrieved from storage

query Parameters
length
integer >= 1
Default: 10
Example: length=10

The maximum number of results to return.

start
integer >= 1
Default: 1

The starting index in a list of results (starts at one).

query
string
Example: query=10

A query string to filter users based on matching criteria in fields.

Responses

Response samples

Content type
application/json
{
  "loggingEvent": [ ],
  "totalRecords": 0
}

saveLogEvent

Saves received event into the storage

Request Body schema: application/json
id
string

The system assigned unique ID of the instance record; UUID

eventType
required
string (Log Event Type Schema)
Enum: "PASSWORD_RESET" "PASSWORD_CREATE" "PASSWORD_CHANGE" "SUCCESSFUL_LOGIN_ATTEMPT" "FAILED_LOGIN_ATTEMPT" "USER_BLOCK"

Log event type

tenant
required
string

The tenant for which the event occurred

userId
required
string

User ID for which the event is registered.

ip
string

Client IP address of registered user Okapi

browserInformation
string

Client's browser information obtained from User-Agent http header

timestamp
string <date-time>

Event registration time

object (Metadata Schema)

Record metadata

createdDate
string

Date and time when the record was created

createdByUserId
string

ID of the user who created the record (when available)

createdByUsername
string

Username of the user who created the record (when available)

updatedDate
string

Date and time when the record was last updated

updatedByUserId
string

ID of the user who last updated the record (when available)

updatedByUsername
string

Username of the user who last updated the record (when available)

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "eventType": "PASSWORD_RESET",
  "tenant": "string",
  "userId": "string",
  "ip": "string",
  "browserInformation": "string",
  "timestamp": "2019-08-24T14:15:22Z",
  "metadata": { }
}

Response samples

Content type
application/json
{
  "message": "string"
}
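
Added example (not part of the module or its documentation): a detection pass over records shaped like the saveLogEvent request body, flagging tenant/user pairs with a burst of FAILED_LOGIN_ATTEMPT events and noting whether a SUCCESSFUL_LOGIN_ATTEMPT or USER_BLOCK followed. The threshold, the time window, the function names and every sample value are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events using the saveLogEvent fields; every value is made up.
SAMPLE_EVENTS = [
    {"eventType": "FAILED_LOGIN_ATTEMPT", "tenant": "t1", "userId": "u1", "ip": "203.0.113.7", "timestamp": "2019-08-24T14:15:22Z"},
    {"eventType": "FAILED_LOGIN_ATTEMPT", "tenant": "t1", "userId": "u1", "ip": "203.0.113.7", "timestamp": "2019-08-24T14:15:40Z"},
    {"eventType": "FAILED_LOGIN_ATTEMPT", "tenant": "t1", "userId": "u2", "ip": "198.51.100.4", "timestamp": "2019-08-24T14:16:00Z"},
    {"eventType": "FAILED_LOGIN_ATTEMPT", "tenant": "t1", "userId": "u1", "ip": "203.0.113.9", "timestamp": "2019-08-24T14:16:05Z"},
    {"eventType": "SUCCESSFUL_LOGIN_ATTEMPT", "tenant": "t1", "userId": "u1", "ip": "203.0.113.9", "timestamp": "2019-08-24T14:16:30Z"},
    {"eventType": "SUCCESSFUL_LOGIN_ATTEMPT", "tenant": "t1", "userId": "u2", "ip": "198.51.100.4", "timestamp": "2019-08-24T14:17:00Z"},
    {"eventType": "PASSWORD_CHANGE", "tenant": "t1", "userId": "u3"},  # timestamp omitted (optional field)
]

def parse_ts(value):
    # The samples use a trailing "Z"; normalise it for datetime.fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Flag (tenant, userId) pairs with >= threshold failed logins inside the window."""
    timed = [e for e in events if e.get("timestamp")]  # timestamp is optional in the schema
    recent = defaultdict(deque)  # (tenant, userId) -> (time, ip) of recent failures
    findings = {}
    for ev in sorted(timed, key=lambda e: parse_ts(e["timestamp"])):
        key, ts = (ev["tenant"], ev["userId"]), parse_ts(ev["timestamp"])
        fails = recent[key]
        while fails and ts - fails[0][0] > window:
            fails.popleft()  # drop failures that fell out of the window
        if ev["eventType"] == "FAILED_LOGIN_ATTEMPT":
            fails.append((ts, ev.get("ip")))
            if len(fails) >= threshold:
                findings[key] = {"failures": len(fails),
                                 "ips": sorted({ip for _, ip in fails if ip}),
                                 "followed_by": None}
        elif ev["eventType"] in ("SUCCESSFUL_LOGIN_ATTEMPT", "USER_BLOCK"):
            if key in findings and fails and findings[key]["followed_by"] is None:
                findings[key]["followed_by"] = ev["eventType"]
            fails.clear()  # a success or block ends the current burst
    return findings

if __name__ == "__main__":
    for (tenant, user), info in find_failed_login_bursts(SAMPLE_EVENTS).items():
        print(tenant, user, info)
```

A burst whose followed_by is SUCCESSFUL_LOGIN_ATTEMPT deserves review before one that ended in USER_BLOCK, since the block shows the lockout control fired.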

deleteLogEvent

Saves received event into the storage

path Parameters
eventId
required
string

Event Identifier

Responses

Response samples

Content type
application/json
{
  "errors": [ ],
  "total_records": 0
}