Page Comparison

...

Synapse supports authentication via OpenID.  Specifically there is a service which performs the OpenID handshake and, upon success, logs the user into Synapse and returns a Synapse session token.  If it is the first time that the user has logged in to Synapse, then after successful OpenID authentication a new user account is created, a session is created and the session token is returned.  The basic request is:

POST https://www.synapse.sagebase.org/Portal/openid?OPEN_ID_PROVIDER=<OpenIDEndpoint><ProviderName>&RETURN_TO_URL=<RedirectURL>

...

<ProviderName> is the name of a supported OpenID provider.  At this time the only allowed value is GOOGLE and this value will be used in the remaining examples.

Synapse supports the GET method, as required by applications which redirect requests to this service.

GET https://www.synapse.sagebase.org/Portal/openid?OPEN_ID_PROVIDER=<OpenIDEndpoint>GOOGLE&RETURN_TO_URL=<RedirectURL>

...

HTTP/1.1 302 Moved Temporarily
...
Location: <RedirectURL>?sessionToken=<SessionToken>
...

...

POST https://synapse.sagebase.org/Portal/openid?OPEN_ID_PROVIDER=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&RETURN_TO_URL=<RedirectURL>

If successful, but if the user has not yet accepted the Synapse Terms of Use (ToU), then the result is a Forbidden response:

HTTP/1.1 403302 Forbidden
{"reason":"You must accept the Synapse Terms of Use."}Moved Temporarily
...
Location: <RedirectURL>?sessionToken=TermsOfUseAcceptanceRequired
...

In this case, authentication must be repeated with explict ToU acceptance.  The client should display the ToU and request the user's acceptance.  The ToU are available at this URL:

https://auth-prodwww.sagebase.org/auth/v1/termsOfUse.html

Once the user has accepted the ToU, the authentication request may repeated, including a new request parameter acceptsTermsOfUse=true:

POST https://synapsewww.sagebase.org/Portal/openid?OPEN_ID_PROVIDER=<OpenIDEndpoint>GOOGLE&acceptsTermsOfUse=true&RETURN_TO_URL=<RedirectURL>

...