Protocols/WebAPI/Auth/Client/clientLogin

From NINA Wiki
Revision as of 16:26, 25 March 2020 by AD (talk | contribs)
Jump to navigation Jump to search
WebAPI Protocol
Basic
Introduction
Clients
Whimsicals
Host Interaction
Flow
Authentication
Client
WebApp
Other Services
Foodgroups

This page is about the clientLogin method for WebAPI authentication.

Initial Request

  • HTTP Method
    • POST
      (NOTE: All request parameters must passed in the POST body only, and not in the query string)
  • HTTP Header
    • X-Forwarded-For (required if proxying clientLogin requests)
      • Clients/Servers using 'clientLogin' must pass the peer-ip from the requests they receive from their clients as X-Forwarded-For header in the 'clientLogin' request, so OpenAuth can enforce rate limits on the correct client IP. If the incoming request already has an X-Forwarded-For header, you should append peer-ip to it before sending it as X-Forwarded-For header in OpenAuth requests.
  • Arguments
    • devId (required)
      • your developer Id required to access NINA APIs
    • f (required)
      • the required format of the response (json or xml or qs)
    • s (required)
      • the loginID of the source user
    • language (optional)
      • the required language and locale of the error/status messages. This is always in "<lang>-<locale>" format. The lang is the 2 letter language code for I18N (default: en) and the locale is the 2 letter Locale code for I18N (default: us). If not passed in, the language will be extracted from HTTP header (Accept-Language) and if that is not available will default to "en-us". Check below for our current supported language list.
    • tokenType (optional)
      • "shortterm" (session based token - max life 24 hrs - default) or "longterm" (valid for 1 year) or any non-negative long value representing the required Token validity in seconds
    • c (optional)
      • the callback method to use when using jsonp convention (argument f = json)
    • r (optional)
      • an URL safe string to be used as requestId - when passed it is returned back in the response
    • pwd (optional)
      • User's Password when initiating the request for the first time or when Password challenge is returned in previous request
    • securid (optional)
      • User's SecurId when SecurId challenge is returned in previous request
    • asqAnswer (optional)
      • NINA Account Security Question's Answer when ASQ challenge is returned in previous request
    • word (optional)
      • Captcha Word when Captcha challenge is returned in previous request
    • context (optional)
      • Authentication Context returned in previous directLogin request when additional challenges are required
    • authMethod (optional)
      • Authentication Method required in addition to PWD (default)
      • Additional authMethod supported in this phase is "ASQ" (Account Security Question)
    • idType (optional)
      • You can pass value as "ICQ" to make sure you are authenticating an ICQ user (both numeric id and email alias)
      • No need to pass if you are just authenticating NINA/AIM users and even ICQ numeric ids only (not ICQ email aliases)
    • rlToken (optional)
      • Rate Limit Token obtained via a previous directLogin call with successful captcha challenge for the same user ('s' must match)
      • If user loginId doesn't match, rlToken would be ignored
    • clientName (optional)
      • An optional name of the Client
    • clientVersion (optional)
      • An optional version of the Client