...
| HTTP TYPE | Response | URL | Request | Description | |||||
|---|---|---|---|---|---|---|---|---|---|
| POST | Session | /openId/authenticate | QueryString | This method is used authenticate a user using OpenID. Upon success, a session token will be return that can be used with most other REST calls. After completing the OpenID communicatoincommunication with an OpenID provider, the resulting query string returned from the OpenID provider is passed to this service. If the query string signature is valid and the OpenId is bound to a Synpase user the Session token will be returned ( 200201). If the signature is not valid a 401 will be returned. If the signature is valid but the OpenID is not bound to a user a Precondition Failed (412) will be returned. For the latter case, see POST /openid/bind. | |||||
| POST | String | /openid/bind | SessionToken, QueryString | Before a user can authenticate using OpenID, the caller must first authenticate with another method and then bind the OpenID to a user providing both a valid session token and query string from the OpenId provider. | POST | String | /openid/bindID | Session, QueryString | they must first bind their OpenID to their Synapse user account. To bind an OpenId to an account the user must first authenticate via some other means (username/password, api key, or even another bound OpenID) to get a session token. This is necessary to validate that a user actually wants to allow the ID to be bound to their account. This method is idempotent. This method will return 201 for success with user's OpenID (string). |
| GET | List<String> | /openid/bind | SessionToken | List the OpenIds bound to a user. A user can only list their own OpenIDs. | |||||
| DELETE | Boolean | /openid/bind | SessionToken, OpenID (string) | This call is used to "unbind" and OpenId from a user's account. Once an OpenID is removed, the caller will no longer be able to authenticate via that OpenID. |