pingLogin
OUTBOUND FEDERATION
Authenticates an existing INTERACT user with AuthenticationType=O (Outbound) via Ping Federate. Assumes the user exists and is synced to LDAP.
Returns an OAuth 2.0 access token that can be used to:
- Login to SAM to retrieve a SAM auth token.
- Obtain an `OpenToken` for use with Outbound SSO (SAML and hopefully OIDC).
INBOUND FEDERATION
Authenticates an existing INTERACT user with AuthenticationType=I (Inbound) via Ping Federate. Following a successful call to getLoginSchema, redirect to IdP, and successful login at IdP, the IdP response should contain the following header values:
- `code` - access/session code from IdP. NOTE: You use the `code` value to call this API to receive access/refresh tokens from Ping Federate which you can use against SAM.
- `state` - internal session state passed between IdP/SP.
- `errorCode` - the error code if an error occurs.
- `errorMsg` - the longer error message describing `errorCode`.
Request
```http
POST /as/token.oauth2
```
Parameters
Outbound Federation:
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | String | Yes | The OAuth grant type. Hard-code to `password` for username/password check against LDAP. |
| scope | String | Yes | The scope of the OAuth grant. Hard-code to `sso`. |
| client_id | String | Yes | The name of the client for user authentication from client app. Returned by getLoginScheme API. |
| client_secret | String | Yes | The secret of the client for user authentication from client app. Returned by getLoginScheme API. |
| username | String | Yes | User's email address e.g. `test.outbound.auth.int@yopmail.com` |
| password | String | Yes | User's password e.g. `Pa55word` |
Inbound Federation:
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | String | Yes | The OAuth grant type. Hard-code to `authorization` to authorise IdP against Ping. |
| redirect_uri | String | Yes | The redirect URI when this authorisation is successful. Hard-code to `myinteract://ssosignedin`. |
| client_id | String | Yes | The name of the client for user authentication from client app. Returned by getLoginScheme API. |
| client_secret | String | Yes | The secret of the client for user authentication from client app. Returned by getLoginScheme API. |
| code | String | Yes | The value returned in header name `code` from IdP flow response. |
Response
200 OK
SAMPLE RESPONSE
```json
{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImsxIn0.eyJzY29wZSI6WyJzc28iXSwiY2xpZW50X2lkX25hbWUiOiJhcHBfY2xpZW50IiwiYWdpZCI6InJJTm9HNmVjSkly....G1CHBO2JD6g",
  "refresh_token": "R3UIEY7U1IcUVooSMR4DIWY5BKwkecNgK3t7L3Exq4",
  "token_type": "Bearer",
  "expires_in": 7199
}
```
Errors
| Exception | Description |
|---|---|
| Aaron TODO | See Error Definitions |
Example cURL
```bash
# -k disables TLS certificate verification; omit it when the IdP presents a certificate the client trusts.
curl -s -k -X POST "https://test-idp.interact.technology:9031/as/token.oauth2" \
  -d "grant_type=password&scope=sso&client_id=app_client&client_secret=6ELZDjXilGEYg8w9Np8oOiVS85RGx6L0D2zx2qb4njssW5ig3FKretR7QDJl1iBE&username=test.outbound.auth.int@yopmail.com&password=Pa55word"
```
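The request body for both flows and the handling of the 200 OK response, as an added Python example that is not part of the original page or of the INTERACT API. The function names, the host `idp.example.test` and all credential and token values are constructed; the code builds the request without sending it and percent-encodes every field, which the raw `-d` string in the cURL example does not do.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_PATH = "/as/token.oauth2"  # endpoint path documented on this page


def build_token_request(base_url, client_id, client_secret, *,
                        username=None, password=None, code=None):
    """Build (not send) the POST for the inbound or outbound flow."""
    if code is not None:
        # Inbound federation: exchange the IdP `code` value for tokens.
        form = {"grant_type": "authorization",
                "redirect_uri": "myinteract://ssosignedin",
                "code": code}
    elif username is not None and password is not None:
        # Outbound federation: username/password check against LDAP.
        form = {"grant_type": "password", "scope": "sso",
                "username": username, "password": password}
    else:
        raise ValueError("pass either code, or username and password")
    form["client_id"] = client_id
    form["client_secret"] = client_secret
    # urlencode percent-encodes '&', '=', '+' and '@', so a password that
    # contains them cannot split or alter the other form fields.
    body = urlencode(form).encode("ascii")
    return Request(base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, now=None):
    """Check the 200 OK body and return the tokens with an absolute expiry."""
    doc = json.loads(raw)
    missing = {"access_token", "refresh_token", "token_type", "expires_in"} - doc.keys()
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    if doc["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type: {doc['token_type']!r}")
    now = time.time() if now is None else now
    return {"access_token": doc["access_token"],
            "refresh_token": doc["refresh_token"],
            "expires_at": now + int(doc["expires_in"])}


# Constructed sample in the shape of SAMPLE RESPONSE (not a real token).
SAMPLE_RESPONSE = ('{"access_token": "constructed.sample.token", '
                   '"refresh_token": "constructed-refresh", '
                   '"token_type": "Bearer", "expires_in": 7199}')
```

Pass the returned `Request` to `urllib.request.urlopen` to send it; the secret and password then travel in the request body rather than on a command line visible in the process list.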