Appearance
getUserScheme ​
Returns the authentication scheme for an INTERACT end user. Once SSO (both Inbound and Outbound) is added we now have three authentication types:
S=Standard - this is the current SAM authentication mechanism which all users will default to when added. I=Inbound Federation - this is the Vertex model where we are not IdP but a client uses their own IdP to login to myINTERACT. O=Outbound Federation - this is the Pfizer/Roche model where INTERACT are IdP yet need to support SSO to external secured resources.
Depending on which authentication type a user is flagged as the response will be different.
As of Feb 2024 now includes new fields ssoProviderType with possible values OIDC OP (social) and SAML IdP (SAML Identity Provider) as well as providerName e.g. GOOGLE or APPLE
Request ​
http
POST /rest/user/schemeParameters ​
| Parameter | Type | Required | Description |
|---|---|---|---|
uEmail | String | Yes | Email address of user to determine their authentication scheme. |
deviceType | String | Yes | One of the existing device types - iPad, iPhone, Desktop, Android Tablet, or Android Phone. |
appCode | String | Yes | One of the existing app types - NI or MI. |
json
{
"uEmail": "whoever@yopmail.com",
"deviceType": "Android Phone",
"appCode": "MY"
}Response ​
200 OK ​
SAMPLE RESPONSE:
Response Fields ​
| Field | Type | Description |
|---|---|---|
type | String(1) | The authentication type I=Inbound, O=Outbound, or S=Standard. |
clientId | String | The oauth client id used to authenticate with IdP. See API pingLogin. |
clientSecret | String | The oauth client secret used to authenticate with IdP. See API pingLogin. |
idpUrl | String | The URL of the IdP (INTERACT's Ping Federate server) to authenticate and communicate SSO flows. |
loginHint | String | The user federation id related to idp. Will return the unique id used for federation between IdP and SP i.e. Global SSO Id in SAM terms. Only for Inbound SSO. |
idp | String | The IdP Id (SAML Entity Id) used for authentication requests to IdP for inbound federation. Only for Inbound SSO. |
(OUTBOUND) Response:
json
{
"type":"O",
"clientId": "app_client",
"clientSecret": "TESTXkJTN2CPPdxDm5BfJPiZvdGSWUltMSiILNrkLy503Pk2NCauGubA9GVuNRAvM9Ez",
"idpUrl": "https://test-idp.interact.technology:9031/",
"idpDomain": "test-idp.interact.technology"
}json
{
"type":"I",
"clientId":"<oauth_client_id_to_auth_with_idp",
"clientSecret":"<client_secret>",
"idpUrl":"<idp_url_to_send_request>",
"idp":"<idp_id_for_authentication>",
"idpDomain": "test-idp.interact.technology"
"loginHint":"<user_federation_id_related_to_idp>"
}json
{
"type": "I",
"idpUrl": "https://test-interact-idp.auth.ap-southeast-2.amazoncognito.com/oauth2/authorize?identity_provider=Google&response_type=CODE&client_id=5k2jkgrhk454ul0580hq20mtpf&scope=aws.cognito.signin.user.admin email openid phone profile&redirect_uri=myinteract://ssosignedin",
"idpDomain": "test-interact-idp.auth.ap-southeast-2.amazoncognito.com",
"redirectUrl": "myinteract://ssosignedin",
"loginHint": "Google_103710890789278657537",
"idp": "https://test-interact-idp.auth.ap-southeast-2.amazoncognito.com",
"ssoProviderType": "OIDC OP",
"providerName": "GOOGLE"
}json
{
"type":"S"
}Errors ​
| Exception | Description |
|---|---|
InvalidParameterException | See Error Definitions |
UserNotEnabledForMIException | See Error Definitions |
UserNotEnabledForNIException | See Error Definitions |
NotYetRegisteredForMIException | See Error Definitions |
UserAccountLockedException | See Error Definitions |
UserServiceException | See Error Definitions |