Login version v7.0
http://github.com/org/folio/mod-auth/login_module
mod-login API
This module provides a username/password based login mechanism for FOLIO credentials
/authn
Get login attempts for a single user
get /authn/loginAttempts/{id}
Get login attempts for a single user
Deprecated. Please use login-with-expiry instead. Will be removed in a future release. Get a new login token without an expiration (legacy endpoint)
post /authn/login
Deprecated. Please use login-with-expiry instead. Will be removed in a future release. Get a new login token without an expiration (legacy endpoint)
Headers
- User-Agent: required(string)
- X-Forwarded-For: required(string)
Body
Media type: application/json
Type: json
Content:
{
"title": "Login Credentials Schema",
"type": "object",
"description": "An entity that describes the basic credentials for a user to log on to the system",
"properties": {
"username": {
"description": "Username in the system, case insensitive",
"type": "string"
},
"userId": {
"description": "Unique user id",
"type": "string"
},
"password": {
"description": "User password",
"type": "string"
},
"tenant": {
"description": "Tenant; parameter for resolving duplicated usernames across tenants.",
"type": "string"
}
}
}HTTP status code 201
Headers
- x-okapi-token: required(string)
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Object returned on successful login",
"type": "object",
"properties": {
"okapiToken": {
"description": "session token (X-Okapi-Token format)",
"type": "string"
},
"refreshToken": {
"description": "refresh token",
"type": "string"
}
},
"required": [
"okapiToken"
]
}HTTP status code 400
Bad request
Body
Media type: text/plain
Type: any
Example:
Bad requestHTTP status code 404
Not found
Body
Media type: text/plain
Type: any
Example:
Not foundHTTP status code 422
Unprocessable Entity
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorGet an expiring refresh and access token
post /authn/login-with-expiry
Get an expiring refresh and access token
Headers
- User-Agent: required(string)
- X-Forwarded-For: required(string)
Body
Media type: application/json
Type: json
Content:
{
"title": "Login Credentials Schema",
"type": "object",
"description": "An entity that describes the basic credentials for a user to log on to the system",
"properties": {
"username": {
"description": "Username in the system, case insensitive",
"type": "string"
},
"userId": {
"description": "Unique user id",
"type": "string"
},
"password": {
"description": "User password",
"type": "string"
},
"tenant": {
"description": "Tenant; parameter for resolving duplicated usernames across tenants.",
"type": "string"
}
}
}HTTP status code 201
Headers
- Set-Cookie: required(string)
access token cookie and refresh token cookie
Example:
Set-Cookie: folioAccessToken=abc.def.ghi; Max-Age=600; Expires=Tue, 23 Jan 2024 15:15:49 GMT; Path=/; Secure; HTTPOnly; SameSite=Strict Set-Cookie: folioRefreshToken=rst.uvw.xyz; Max-Age=604800; Expires=Tue, 30 Jan 2024 15:05:49 GMT; Path=/authn; Secure; HTTPOnly; SameSite=Strict
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Object returned on successful login or on token refresh",
"type": "object",
"properties": {
"accessTokenExpiration": {
"description": "The time in UTC after which the access token will be considered expired. Time format is ISO 8601.",
"type": "string"
},
"refreshTokenExpiration": {
"description": "The time in UTC after which the refresh token will be considered expired. Time format is ISO 8601.",
"type": "string"
}
},
"required": [
"accessTokenExpiration",
"refreshTokenExpiration"
]
}HTTP status code 400
Bad request
Body
Media type: text/plain
Type: any
Example:
Bad requestHTTP status code 404
Not found
Body
Media type: text/plain
Type: any
Example:
Not foundHTTP status code 422
Unprocessable Entity
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorGet a new refresh and access token
post /authn/refresh
Get a new refresh and access token
Headers
- Cookie: required(string)
The Cookie header that must contain the refresh token cookie; all other cookies like the access token cookie are ignored
Example:
Cookie: folioRefreshToken=rst.uvw.xyz; folioAccessToken=abc.def.ghi
HTTP status code 201
Headers
- Set-Cookie: required(string)
access token cookie and refresh token cookie
Example:
Set-Cookie: folioAccessToken=abc.def.ghi; Max-Age=600; Expires=Tue, 23 Jan 2024 15:15:49 GMT; Path=/; Secure; HTTPOnly; SameSite=Strict Set-Cookie: folioRefreshToken=rst.uvw.xyz; Max-Age=604800; Expires=Tue, 30 Jan 2024 15:05:49 GMT; Path=/authn; Secure; HTTPOnly; SameSite=Strict
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Object returned on successful login or on token refresh",
"type": "object",
"properties": {
"accessTokenExpiration": {
"description": "The time in UTC after which the access token will be considered expired. Time format is ISO 8601.",
"type": "string"
},
"refreshTokenExpiration": {
"description": "The time in UTC after which the refresh token will be considered expired. Time format is ISO 8601.",
"type": "string"
}
},
"required": [
"accessTokenExpiration",
"refreshTokenExpiration"
]
}HTTP status code 400
Bad request
Body
Media type: application/json
Type: any
Example:
Bad requestHTTP status code 422
Unprocessable entity. mod-authtoken has returned a 400 level response.
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorLogs the user out on their current device. The access token cookie and the refresh token cookie are removed, and the refresh token is invalidated. The access token cannot be invalidated and remains valid until its exiration time; this is by design because the access token is stateless.
post /authn/logout
Logs the user out on their current device. The access token cookie and the refresh token cookie are removed, and the refresh token is invalidated. The access token cannot be invalidated and remains valid until its exiration time; this is by design because the access token is stateless.
Headers
- Cookie: required(string)
The Cookie header that must contain the refresh token cookie; all other cookies like the access token cookie are ignored
Example:
Cookie: folioRefreshToken=rst.uvw.xyz; folioAccessToken=abc.def.ghi
HTTP status code 204
HTTP status code 400
Bad request
Body
Media type: application/json
Type: any
Example:
Bad requestHTTP status code 422
Unprocessable entity. mod-authtoken has returned a 400 level response.
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorLogs the user out on all of their devices
post /authn/logout-all
Logs the user out on all of their devices
HTTP status code 204
HTTP status code 400
Bad request
Body
Media type: application/json
Type: any
Example:
Bad requestHTTP status code 422
Unprocessable entity. mod-authtoken has returned a 400 level response.
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorSelf-update existing credentials. N.B. A non-empty password must be provided.
post /authn/update
Self-update existing credentials. N.B. A non-empty password must be provided.
Headers
- User-Agent: required(string)
- X-Forwarded-For: required(string)
Body
Media type: application/json
Type: json
Content:
{
"title": "Update Credentials Schema",
"type": "object",
"description": "An entity that describes the necessary data to update a user password",
"properties": {
"username": {
"description": "username",
"type": "string"
},
"userId": {
"description": "Unique user id",
"type": "string"
},
"password": {
"description": "The current password of the user who will be replaced by the new one",
"type": "string"
},
"newPassword": {
"description": "New user password",
"type": "string"
}
}
}HTTP status code 204
Successful update
HTTP status code 400
Bad request
Body
Media type: text/plain
Type: any
Example:
Bad requestHTTP status code 401
Unauthorized
Body
Media type: text/plain
Type: any
Example:
UnauthorizedHTTP status code 422
Unprocessable Entity
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorAdd a new login to the system. N.B. A non-empty password must be provided.
Remove a user's login credentials from the system
post /authn/credentials
Add a new login to the system. N.B. A non-empty password must be provided.
Body
Media type: application/json
Type: json
Content:
{
"title": "Login Credentials Schema",
"type": "object",
"description": "An entity that describes the basic credentials for a user to log on to the system",
"properties": {
"username": {
"description": "Username in the system, case insensitive",
"type": "string"
},
"userId": {
"description": "Unique user id",
"type": "string"
},
"password": {
"description": "User password",
"type": "string"
},
"tenant": {
"description": "Tenant; parameter for resolving duplicated usernames across tenants.",
"type": "string"
}
}
}HTTP status code 201
Success
HTTP status code 400
Bad request
Body
Media type: text/plain
Type: any
Example:
Bad requestHTTP status code 422
Validation errors
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}Example:
{
"errors": [
{
"message": "may not be null",
"type": "1",
"code": "-1",
"parameters": [
{
"key": "moduleTo",
"value": "null"
}
]
}
]
}
HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errordelete /authn/credentials
Remove a user's login credentials from the system
Query Parameters
- userId: required(string - pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[1-5][a-fA-F0-9]{3}-[89abAB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$)
User Id
HTTP status code 204
Success
HTTP status code 404
User not found
Body
Media type: text/plain
Type: any
Example:
User not foundHTTP status code 422
Validation errors
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "errors.schema",
"description": "A set of errors",
"type": "object",
"properties": {
"errors": {
"description": "List of errors",
"id": "errors",
"type": "array",
"items": {
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "error.schema",
"description": "An error",
"properties": {
"message": {
"type": "string",
"description": "Error message text"
},
"type": {
"type": "string",
"description": "Error message type"
},
"code": {
"type": "string",
"description": "Error message code"
},
"parameters": {
"description": "Error message parameters",
"$schema": "http://json-schema.org/draft-04/schema#",
"id": "parameters.schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"message"
]
}
},
"total_records": {
"description": "Total number of errors",
"type": "integer"
}
}
}Example:
{
"errors": [
{
"message": "may not be null",
"type": "1",
"code": "-1",
"parameters": [
{
"key": "moduleTo",
"value": "null"
}
]
}
]
}
HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorValidate if password has been used before.
post /authn/password/repeatable
Validate if password has been used before.
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Object with password property",
"type": "object",
"properties": {
"password": {
"type": "string",
"description": "Password"
},
"userId": {
"type": "string",
"description": "User Id"
}
},
"required": [
"password",
"userId"
]
}HTTP status code 200
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "result",
"type": "object",
"properties": {
"result": {
"type": "string",
"description": "'invalid' if the password is in the user's password history, 'valid' otherwise"
}
},
"required": [
"result"
]
}Example:
{
"result": "invalid"
}HTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorResets password for user in record and deletes action record
post /authn/reset-password
Resets password for user in record and deletes action record
Headers
- User-Agent: required(string)
- X-Forwarded-For: required(string)
Body
Media type: application/json
HTTP status code 201
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Response entity to reset the password",
"type": "object",
"properties": {
"isNewPassword": {
"description": "true if a password has been set the first time for this user, false if the previous password has been moved into the user's password history",
"type": "boolean"
}
},
"additionalProperties": false
}HTTP status code 400
Body
Media type: text/plain
Type: any
Example:
Bad RequestHTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorSaves action to storage
post /authn/password-reset-action
Saves action to storage
Body
Media type: application/json
HTTP status code 201
Body
Media type: application/json
Type: json
Content:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Response entity to create a new password change action",
"type": "object",
"properties": {
"passwordExists": {
"description": "true if a password is stored for the user, false if no password (or even no credential entry) is stored for the user",
"type": "boolean"
}
},
"additionalProperties": false
}HTTP status code 400
Body
Media type: text/plain
Type: any
Example:
Bad RequestHTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorRetrieves action record by id
get /authn/password-reset-action/{actionId}
Retrieves action record by id
URI Parameters
- actionId: required(string)
HTTP status code 200
Body
Media type: application/json
HTTP status code 400
Body
Media type: text/plain
Type: any
Example:
Bad RequestHTTP status code 404
Body
Media type: text/plain
Type: any
Example:
Not FoundHTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorReturns a list of events retrieved from storage
Saves received event into the storage
get /authn/log/events
Returns a list of events retrieved from storage
Query Parameters
- length: (integer - default: 10 - minimum: 1 - maximum: 2147483647)
The maximum number of results to return.
Example:
10 - start: (integer - default: 1 - minimum: 1 - maximum: 2147483647)
The starting index in a list of results (starts at one).
- query: (string)
A query string to filter users based on matching criteria in fields.
HTTP status code 200
Body
Media type: application/json
HTTP status code 204
Body
Media type: text/plain
Type: any
Example:
No ContentHTTP status code 404
Event not found
Body
Media type: text/plain
Type: any
Example:
Event not foundHTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorpost /authn/log/events
Saves received event into the storage
Removes events by filter
delete /authn/log/events/{id}
Removes events by filter
URI Parameters
- id: required(string)
HTTP status code 200
Body
Media type: application/json
HTTP status code 204
Body
Media type: text/plain
Type: any
Example:
No ContentHTTP status code 404
Event not found
Body
Media type: text/plain
Type: any
Example:
Event not foundHTTP status code 500
Internal server error
Body
Media type: text/plain
Type: any
Example:
Internal server errorReturns single property 'credentialsExist' with true, if user has local password
get /authn/credentials-existence
Returns single property 'credentialsExist' with true, if user has local password
Query Parameters
- userId: required(string - pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[1-5][a-fA-F0-9]{3}-[89abAB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$)
User id