...
Synapse supports authentication via OpenID. Specifically there is a service which performs the OpenID handshake and, upon success, logs the user into Synapse and returns a Synapse session token. If it is the first time that the user has logged in to Synapse, then after successful OpenID authentication a new user account is created, a session is created and the session token is returned. The basic request is:
| Code Block |
|---|
POST https://synapse.sagebase.org/Portal/openid?OPEN_ID_PROVIDER=<OpenIDEndpoint>&RETURN_TO_URL=<RedirectURL>
|
The successful response is a redirect to <RedirectURL>:<sessonToken>:
| Code Block |
|---|
HTTP/1.1 302 Moved Temporarily ... Location: <RedirectURL>:<sessionToken> ... |
To authenticate against Google's OpenID endpoint, the command request is:
| Code Block |
|---|
POST https://synapse.sagebase.org/Portal/openid?OPEN_ID_PROVIDER=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&RETURN_TO_URL=<RedirectURL> |
If unsuccessful the response is ????.If successful, but if the user has successful, but if the user has not yet accepted the Synapse Terms of Use (ToU), the response is ????.In the case that the user does not accept the ToU, then instead of a session token, the redirect URL contains the literal string "TermsOfUseAcceptanceRequired":
| Code Block |
|---|
HTTP/1.1 302 Moved Temporarily
...
Location: <RedirectURL>:TermsOfUseAcceptanceRequired
...
|
In this case then authentication must be repeated with explict ToU acceptance. The client should display the ToU and request the user's acceptance. The ToU are available at this URL:
| Code Block |
|---|
https://auth-prod.sagebase.org/auth/v1/termsOfUse.html
|
Once the user has accepted the ToU, the authentication request may repeated, including a new request parameter acceptsTermsOfUse=true:
| Code Block |
|---|
POST https://synapse.sagebase.org/Portal/openid?OPEN_ID_PROVIDER=<OpenIDEndpoint>&acceptsTermsOfUse=true&RETURN_TO_URL=<RedirectURL> |
...