This RPC can be used for login using a Kubernetes Service Account token.
OK
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
tenant: telco service: minikube role: default jwt: eyJhbGciOiJSUzI1NiIsImtpZCI6IlM0WC1vV3lqazFWVnZRNG9QUWg2c2owakItUF9wdzU2NVhBc0c2RE9PbmcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFwcC1hLXRva2VuLWY5anBzIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFwcC1hIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYWZiNDZkNjAtZWQ3Mi00YTAwLTk5MmYtM2QyYzE5YjMyOGE0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YXBwLWEifQ.ZMrUeVWV-umxU07WZEYFUcYdSTnVSCvsBQH54yGIOzkWWknNMw9dYwGP9g_lOMwmmSCx0v54q4EAq-2CLsRrct9_zyW7W9oXRDCgr3uyCmzJpH8yUeVmPNHb60kZdP3EmjGIXseUJexd_CO82VCcH-eKdSpjkOaEYsJJ6dAZ451z9DkXQtNX9Ct0NuSbzA9mwDxPcSfjMYn_fBhSwdi-X8V5OxIxkw43V2nzb9nPesKzFxZAIr6JU7qHoUEbznfZZ4j7FbROjOZOloqSiA7TdUu1oEbNWj2zqUHvyWps_Gxl39z_Yl3azY_M6kUeuDbgrLrC4QFX9b1X6nXAkKTLcA
token: acd71235-18ec-4035-a4c0-7a79e1bd1ded expires-in: 2764800 expires: 2022-01-12T15:49:54.078484Z accessor: 601ab2f4-9e3a-4e1e-9a99-81aff088cf0e creation-time: 2022-01-11T15:49:54.078484Z renewal-time: 2022-01-11T15:49:54.078484Z
Authenticate towards the system. Providing a tenant is optional, if the username is unique in the system.
OK
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
username: joe@popcorn-systems.com password: secret-password tenant: popcorn-systems otp: "345789" cookie: false
token: 09715875-ac45-4ad7-bfad-00eea3949094 expires-in: 1209600 expires: 2021-02-16T14:24:20.030665Z accessor: 3be91214-176c-4b4d-bae7-4c432f342661 creation-time: 2021-02-15T14:24:20.030665Z renewal-time: 2021-02-15T14:24:20.030665Z totp-required: true totp-enabled: true
Last step of the OIDC login process. The OIDC server redirects the client to this RPC with the proper state and code. If authentication is successful a valid token is returned.
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
state: addbf712-95d1-4058-be82-45b76fc04e5c code: JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng nonce: ee8342cc-7273-4409-99c6-3ca5d894652e
message: Login succeeded token: 09715875-ac45-4ad7-bfad-00eea3949094 expires-in: 1209600 expires: 2021-02-16T14:24:20.030665Z accessor: 3be91214-176c-4b4d-bae7-4c432f342661 creation-time: 2021-02-15T14:24:20.030665Z renewal-time: 2021-02-15T14:24:20.030665Z
This RPC can be used for login through the OIDC facility. The typical flow from a web backend is:
Note that it is possible to do an oidc-login without any parameters.
The auction will then look for an oidc configuration at the sys
tenant, and if that is missing look for an oidc config at the
edge-provider tenant. If oidc isn't provided the value default
will be used.
OK
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
tenant: acme oidc: qlik role: default terminal: false cookie: false
url: http://192.168.100.36:9000/auth?client_id=JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng&response_type=code&redirect_uri=https%3A%2F%2F192.168.100.101%3A4646%2Fv1%2Foidc-callback&scope=openid+profile+email+avassa&state=M2Q3MmU5YmMtNDhmOC00Njg0LWJmY2YtNDJlYTg2ZmQ2NmZhOmZvby5hY21lLmNvbQ%3D%3D&nonce=52b947c5-38de-4fda-95ba-fcaa34f97a5f terminal-id: eecfbbef-f61e-4a4f-8f97-1924c089181d state: addbf712-95d1-4058-be82-45b76fc04e5c