Synapse supports authentication via OpenID. Specifically, there is a service which performs the OpenID handshake and, upon success, logs the user into Synapse and returns a Synapse session token. The basic request is:

POST https://www.synapse.org/Portal/openid?OPEN_ID_PROVIDER=<ProviderName>&RETURN_TO_URL=<RedirectURL>

<ProviderName> is the name of a supported OpenID provider.  At this time the only allowed value is GOOGLE and this value will be used in the remaining examples.

Synapse supports the GET method, as required by applications which redirect requests to this service.

GET https://www.synapse.org/Portal/openid?OPEN_ID_PROVIDER=GOOGLE&RETURN_TO_URL=<RedirectURL>

Note: Successful completion of this request (1) requires that the user already exists in the Synapse user database, but (2) does NOT require that the user has already signed the Synapse Terms of Use. (To create the user in Synapse, use the user creation service described above: CreateUser.) The successful response to the OpenID log-in request is a redirect to <RedirectURL> with extra request parameters to hold (1) an authentication status indicator (OK) and (2) the session token:

HTTP/1.1 302 Moved Temporarily
...
Location: <RedirectURL>?status=OK&sessionToken=<sessionToken>
...

If the user does not exist in the Synapse user database, this is indicated in the response parameter:

HTTP/1.1 302 Moved Temporarily
...
Location: <RedirectURL>?status=OpenIDUnknownUser
...

If authentication is unsuccessful for another reason then the result is:

HTTP/1.1 302 Moved Temporarily
...
Location: <RedirectURL>?status=OpenIDError
...
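
An added example (not part of the original page and not Synapse's own client code): one way a client could build the log-in URL and interpret the three redirect outcomes shown above, while producing a copy of the callback URL without the session token so that the token does not end up in logs or browser history. The helper names `buildLoginUrl` and `parseCallback` and the `app.example.org` callback used to exercise them are assumptions.

```javascript
// Added example; buildLoginUrl and parseCallback are hypothetical helper names.
const SYNAPSE_OPENID = "https://www.synapse.org/Portal/openid"; // endpoint from the page

// Build the log-in request URL; URLSearchParams percent-encodes RETURN_TO_URL.
function buildLoginUrl(returnToUrl) {
  const u = new URL(SYNAPSE_OPENID);
  u.searchParams.set("OPEN_ID_PROVIDER", "GOOGLE"); // only allowed value per the page
  u.searchParams.set("RETURN_TO_URL", returnToUrl);
  return u.toString();
}

// Interpret the redirect that lands on RETURN_TO_URL.
function parseCallback(callbackUrl, returnToUrl) {
  const cb = new URL(callbackUrl);
  const expected = new URL(returnToUrl);
  // Only accept callbacks on the exact origin and path that was requested.
  if (cb.origin !== expected.origin || cb.pathname !== expected.pathname) {
    return { outcome: "rejected", reason: "unexpected callback location" };
  }
  const status = cb.searchParams.get("status");
  const token = cb.searchParams.get("sessionToken");
  // Copy of the URL with the token removed, suitable for logs or history.replaceState.
  const clean = new URL(cb);
  clean.searchParams.delete("sessionToken");
  const cleanUrl = clean.toString();

  switch (status) {
    case "OK":
      if (!token) {
        return { outcome: "rejected", reason: "status=OK without sessionToken", cleanUrl };
      }
      return { outcome: "loggedIn", sessionToken: token, cleanUrl };
    case "OpenIDUnknownUser":
      return { outcome: "unknownUser", cleanUrl }; // user must be created first
    case "OpenIDError":
      return { outcome: "error", cleanUrl };
    default:
      return { outcome: "rejected", reason: "unrecognized status", cleanUrl };
  }
}
```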

As always, after authenticating and before making authenticated requests to Synapse, the user must accept the Synapse Terms of Use. To check whether the user has signed the Synapse Terms of Use, use the token refresh service described above, RefreshToken(resettimer). A 403 Forbidden response means that the user has not yet accepted the Terms of Use. To accept the Synapse Terms of Use, use this service: AccepttheSynapseTermsofUse with Google as the identity provider. You as a client initiate the user's identity verification with Google, and pass through the URL parameters to our REST API, which will unpack the OpenID parameters and verify the account. If login is successful, a Session object will be returned. See the Synapse Authentication REST API documentation for details.

Sample commands, issued from cURL:

...